diff --git a/config/crds/apm_v1alpha1_apmserver.yaml b/config/crds/apm_v1alpha1_apmserver.yaml index e1df73d3cc8..68539d5be53 100644 --- a/config/crds/apm_v1alpha1_apmserver.yaml +++ b/config/crds/apm_v1alpha1_apmserver.yaml @@ -167,6 +167,36 @@ spec: to change the target path of a secret entry key. The secret must exist in the same namespace as the APM resource. items: + properties: + entries: + description: If unspecified, each key-value pair in the Data field + of the referenced Secret will be projected into the volume as + a file whose name is the key and content is the value. If specified, + the listed keys will be projected into the specified paths, + and unlisted keys will not be present. If a key is specified + which is not present in the Secret, the volume setup will error + unless it is marked optional. Paths must be relative and may + not contain the '..' path or start with '..'. + items: + properties: + key: + description: The key to project. + type: string + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + type: object + type: array + secretName: + description: 'Name of the secret in the pod''s namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + required: + - secretName type: object type: array version: diff --git a/config/crds/elasticsearch_v1alpha1_elasticsearch.yaml b/config/crds/elasticsearch_v1alpha1_elasticsearch.yaml index e3bc0ac4fb7..77366458096 100644 --- a/config/crds/elasticsearch_v1alpha1_elasticsearch.yaml +++ b/config/crds/elasticsearch_v1alpha1_elasticsearch.yaml @@ -172,6 +172,36 @@ spec: to change the target path of a secret entry key. The secret must exist in the same namespace as the Elasticsearch resource. items: + properties: + entries: + description: If unspecified, each key-value pair in the Data field + of the referenced Secret will be projected into the volume as + a file whose name is the key and content is the value. If specified, + the listed keys will be projected into the specified paths, + and unlisted keys will not be present. If a key is specified + which is not present in the Secret, the volume setup will error + unless it is marked optional. Paths must be relative and may + not contain the '..' path or start with '..'. + items: + properties: + key: + description: The key to project. + type: string + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + type: object + type: array + secretName: + description: 'Name of the secret in the pod''s namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + required: + - secretName type: object type: array setVmMaxMapCount: diff --git a/config/crds/kibana_v1alpha1_kibana.yaml b/config/crds/kibana_v1alpha1_kibana.yaml index a3b231e0d1b..fb230053902 100644 --- a/config/crds/kibana_v1alpha1_kibana.yaml +++ b/config/crds/kibana_v1alpha1_kibana.yaml @@ -164,6 +164,36 @@ spec: to change the target path of a secret entry key. The secret must exist in the same namespace as the Kibana resource. items: + properties: + entries: + description: If unspecified, each key-value pair in the Data field + of the referenced Secret will be projected into the volume as + a file whose name is the key and content is the value. If specified, + the listed keys will be projected into the specified paths, + and unlisted keys will not be present. If a key is specified + which is not present in the Secret, the volume setup will error + unless it is marked optional. Paths must be relative and may + not contain the '..' path or start with '..'. + items: + properties: + key: + description: The key to project. + type: string + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + type: object + type: array + secretName: + description: 'Name of the secret in the pod''s namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + required: + - secretName type: object type: array version: diff --git a/config/samples/apm/apmserver.yaml b/config/samples/apm/apmserver.yaml index 69a37fdb5e0..67df553ee63 100644 --- a/config/samples/apm/apmserver.yaml +++ b/config/samples/apm/apmserver.yaml @@ -17,6 +17,6 @@ spec: # - secretName: ref-to-secret # - secretName: another-ref-to-secret # # expose only a subset of the secret keys (optional) -# items: +# entries: # - key: value1 # path: newkey # project a key to a specific path (optional) \ No newline at end of file diff --git a/config/samples/elasticsearch/elasticsearch.yaml b/config/samples/elasticsearch/elasticsearch.yaml index 2e2854aff96..dbfd59e519f 100644 --- a/config/samples/elasticsearch/elasticsearch.yaml +++ b/config/samples/elasticsearch/elasticsearch.yaml @@ -47,7 +47,7 @@ spec: # - secretName: ref-to-secret # - secretName: another-ref-to-secret # # expose only a subset of the secret keys (optional) - # items: + # entries: # - key: value1 # path: newkey # project a key to a specific path (optional) # http: diff --git a/config/samples/kibana/kibana.yaml b/config/samples/kibana/kibana.yaml index e3e8bfb6418..6020750bfc7 100644 --- a/config/samples/kibana/kibana.yaml +++ b/config/samples/kibana/kibana.yaml @@ -24,6 +24,6 @@ spec: # - secretName: ref-to-secret # - secretName: another-ref-to-secret # # expose only a subset of the secret keys (optional) -# items: +# entries: # - key: value1 # path: newkey # project a key to a specific path (optional) diff --git a/docs/elasticsearch-spec.asciidoc b/docs/elasticsearch-spec.asciidoc index 58528e8fb94..1e587cecced 100644 --- a/docs/elasticsearch-spec.asciidoc +++ b/docs/elasticsearch-spec.asciidoc @@ -197,7 +197,7 @@ spec: setVmMaxMapCount: false ---- -For more information, see the Elasticsearch documentation on +For more information, see the Elasticsearch documentation on link:https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html[Virtual memory]. Optionally, you can select a different type of file system implementation for the storage. For possible options, see the @@ -251,17 +251,17 @@ spec: - secretName: two-secure-settings-secret ---- -You can export a subset of secret keys and also project keys to specific paths using the `items`, `key` and `path` fields: +You can export a subset of secret keys and also project keys to specific paths using the `entries`, `key` and `path` fields: [source,yaml] ---- spec: secureSettings: - secretName: your-secure-settings-secret - items: - - key: value1 - path: newkey - type: array + entries: + - key: key1 + - key: key2 + path: newkey2 ---- See link:k8s-snapshot.html[How to create automated snapshots] for an example use case. @@ -298,7 +298,7 @@ spec: bin/elasticsearch-plugin install --batch repository-azure ---- -To install custom configuration files you can use volumes and volume mounts. +To install custom configuration files you can use volumes and volume mounts. The next example shows how to add a synonyms file for the link:https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-synonym-tokenfilter.html[synonym token filter] in Elasticsearch. diff --git a/pkg/apis/apm/v1alpha1/apmserver_types.go b/pkg/apis/apm/v1alpha1/apmserver_types.go index 082f3a9d5ad..e132484e897 100644 --- a/pkg/apis/apm/v1alpha1/apmserver_types.go +++ b/pkg/apis/apm/v1alpha1/apmserver_types.go @@ -50,10 +50,10 @@ type ApmServerSpec struct { // into the APM keystore on each node. // Each individual key/value entry in the referenced secrets is considered as an // individual secure setting to be injected. - // You can use the `items` and `key` fields to consider only a subset of the secret + // You can use the `entries` and `key` fields to consider only a subset of the secret // entries and the `path` field to change the target path of a secret entry key. // The secret must exist in the same namespace as the APM resource. - SecureSettings []corev1.SecretVolumeSource `json:"secureSettings,omitempty"` + SecureSettings []commonv1alpha1.SecretSource `json:"secureSettings,omitempty"` } // Elasticsearch contains configuration for the Elasticsearch output @@ -153,7 +153,7 @@ func (as *ApmServer) ElasticsearchRef() commonv1alpha1.ObjectSelector { return as.Spec.ElasticsearchRef } -func (as *ApmServer) SecureSettings() []corev1.SecretVolumeSource { +func (as *ApmServer) SecureSettings() []commonv1alpha1.SecretSource { return as.Spec.SecureSettings } diff --git a/pkg/apis/apm/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/apm/v1alpha1/zz_generated.deepcopy.go index 79e3c128a73..b96dc2d90eb 100644 --- a/pkg/apis/apm/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/apm/v1alpha1/zz_generated.deepcopy.go @@ -9,7 +9,7 @@ package v1alpha1 import ( - v1 "k8s.io/api/core/v1" + commonv1alpha1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1alpha1" runtime "k8s.io/apimachinery/pkg/runtime" ) @@ -87,7 +87,7 @@ func (in *ApmServerSpec) DeepCopyInto(out *ApmServerSpec) { in.PodTemplate.DeepCopyInto(&out.PodTemplate) if in.SecureSettings != nil { in, out := &in.SecureSettings, &out.SecureSettings - *out = make([]v1.SecretVolumeSource, len(*in)) + *out = make([]commonv1alpha1.SecretSource, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } diff --git a/pkg/apis/common/v1alpha1/common.go b/pkg/apis/common/v1alpha1/common.go index 4c32ed61c8b..4add5356075 100644 --- a/pkg/apis/common/v1alpha1/common.go +++ b/pkg/apis/common/v1alpha1/common.go @@ -118,3 +118,29 @@ type PodDisruptionBudgetTemplate struct { // +optional Spec v1beta1.PodDisruptionBudgetSpec `json:"spec,omitempty"` } + +type SecretSource struct { + // Name of the secret in the pod's namespace to use. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + SecretName string `json:"secretName"` + // If unspecified, each key-value pair in the Data field of the referenced + // Secret will be projected into the volume as a file whose name is the + // key and content is the value. If specified, the listed keys will be + // projected into the specified paths, and unlisted keys will not be + // present. + // +optional + Entries []KeyToPath `json:"entries,omitempty"` +} + +// Maps a string key to a path within a volume. +type KeyToPath struct { + // The key to project. + Key string `json:"key"` + + // The relative path of the file to map the key to. + // May not be an absolute path. + // May not contain the path element '..'. + // May not start with the string '..'. + // +optional + Path string `json:"path,omitempty"` +} diff --git a/pkg/apis/common/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/common/v1alpha1/zz_generated.deepcopy.go index 7c84c1630eb..0b713277085 100644 --- a/pkg/apis/common/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/common/v1alpha1/zz_generated.deepcopy.go @@ -61,6 +61,22 @@ func (in *HTTPConfig) DeepCopy() *HTTPConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KeyToPath) DeepCopyInto(out *KeyToPath) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyToPath. +func (in *KeyToPath) DeepCopy() *KeyToPath { + if in == nil { + return nil + } + out := new(KeyToPath) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ObjectSelector) DeepCopyInto(out *ObjectSelector) { *out = *in @@ -127,6 +143,27 @@ func (in *SecretRef) DeepCopy() *SecretRef { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretSource) DeepCopyInto(out *SecretSource) { + *out = *in + if in.Entries != nil { + in, out := &in.Entries, &out.Entries + *out = make([]KeyToPath, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretSource. +func (in *SecretSource) DeepCopy() *SecretSource { + if in == nil { + return nil + } + out := new(SecretSource) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SelfSignedCertificate) DeepCopyInto(out *SelfSignedCertificate) { *out = *in diff --git a/pkg/apis/elasticsearch/v1alpha1/elasticsearch_types.go b/pkg/apis/elasticsearch/v1alpha1/elasticsearch_types.go index fddb1b4cfb2..69fa84ac79f 100644 --- a/pkg/apis/elasticsearch/v1alpha1/elasticsearch_types.go +++ b/pkg/apis/elasticsearch/v1alpha1/elasticsearch_types.go @@ -49,10 +49,10 @@ type ElasticsearchSpec struct { // into Elasticsearch keystore on each node. // Each individual key/value entry in the referenced secrets is considered as an // individual secure setting to be injected. - // You can use the `items` and `key` fields to consider only a subset of the secret + // You can use the `entries` and `key` fields to consider only a subset of the secret // entries and the `path` field to change the target path of a secret entry key. // The secret must exist in the same namespace as the Elasticsearch resource. - SecureSettings []corev1.SecretVolumeSource `json:"secureSettings,omitempty"` + SecureSettings []commonv1alpha1.SecretSource `json:"secureSettings,omitempty"` } // NodeCount returns the total number of nodes of the Elasticsearch cluster @@ -259,7 +259,7 @@ func (e Elasticsearch) IsMarkedForDeletion() bool { return !e.DeletionTimestamp.IsZero() } -func (e Elasticsearch) SecureSettings() []corev1.SecretVolumeSource { +func (e Elasticsearch) SecureSettings() []commonv1alpha1.SecretSource { return e.Spec.SecureSettings } diff --git a/pkg/apis/elasticsearch/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/elasticsearch/v1alpha1/zz_generated.deepcopy.go index b4507700783..e3ac613c5d9 100644 --- a/pkg/apis/elasticsearch/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/elasticsearch/v1alpha1/zz_generated.deepcopy.go @@ -154,7 +154,7 @@ func (in *ElasticsearchSpec) DeepCopyInto(out *ElasticsearchSpec) { } if in.SecureSettings != nil { in, out := &in.SecureSettings, &out.SecureSettings - *out = make([]v1.SecretVolumeSource, len(*in)) + *out = make([]commonv1alpha1.SecretSource, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } diff --git a/pkg/apis/kibana/v1alpha1/kibana_types.go b/pkg/apis/kibana/v1alpha1/kibana_types.go index 5e1a8e695c6..8cae70356f5 100644 --- a/pkg/apis/kibana/v1alpha1/kibana_types.go +++ b/pkg/apis/kibana/v1alpha1/kibana_types.go @@ -51,10 +51,10 @@ type KibanaSpec struct { // into Kibana keystore on each node. // Each individual key/value entry in the referenced secrets is considered as an // individual secure setting to be injected. - // You can use the `items` and `key` fields to consider only a subset of the secret + // You can use the `entries` and `key` fields to consider only a subset of the secret // entries and the `path` field to change the target path of a secret entry key. // The secret must exist in the same namespace as the Kibana resource. - SecureSettings []corev1.SecretVolumeSource `json:"secureSettings,omitempty"` + SecureSettings []commonv1alpha1.SecretSource `json:"secureSettings,omitempty"` } // BackendElasticsearch contains configuration for an Elasticsearch backend for Kibana @@ -109,7 +109,7 @@ func (k *Kibana) ElasticsearchRef() commonv1alpha1.ObjectSelector { return k.Spec.ElasticsearchRef } -func (k *Kibana) SecureSettings() []corev1.SecretVolumeSource { +func (k *Kibana) SecureSettings() []commonv1alpha1.SecretSource { return k.Spec.SecureSettings } diff --git a/pkg/apis/kibana/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/kibana/v1alpha1/zz_generated.deepcopy.go index 3254b67cf9d..416c9395434 100644 --- a/pkg/apis/kibana/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/kibana/v1alpha1/zz_generated.deepcopy.go @@ -9,7 +9,7 @@ package v1alpha1 import ( - v1 "k8s.io/api/core/v1" + commonv1alpha1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1alpha1" runtime "k8s.io/apimachinery/pkg/runtime" ) @@ -105,7 +105,7 @@ func (in *KibanaSpec) DeepCopyInto(out *KibanaSpec) { in.PodTemplate.DeepCopyInto(&out.PodTemplate) if in.SecureSettings != nil { in, out := &in.SecureSettings, &out.SecureSettings - *out = make([]v1.SecretVolumeSource, len(*in)) + *out = make([]commonv1alpha1.SecretSource, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } diff --git a/pkg/controller/common/keystore/resources.go b/pkg/controller/common/keystore/resources.go index 51c63c42679..64c0d6df8bc 100644 --- a/pkg/controller/common/keystore/resources.go +++ b/pkg/controller/common/keystore/resources.go @@ -7,6 +7,7 @@ package keystore import ( "strings" + commonv1alpha1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1alpha1" "github.com/elastic/cloud-on-k8s/pkg/controller/common/driver" "github.com/elastic/cloud-on-k8s/pkg/controller/common/name" corev1 "k8s.io/api/core/v1" @@ -32,7 +33,7 @@ type Resources struct { type HasKeystore interface { metav1.Object runtime.Object - SecureSettings() []corev1.SecretVolumeSource + SecureSettings() []commonv1alpha1.SecretSource // Kind can technically be retrieved from metav1.Object, but there is a bug preventing us to retrieve it // see https://github.com/kubernetes-sigs/controller-runtime/issues/406 Kind() string diff --git a/pkg/controller/common/keystore/resources_test.go b/pkg/controller/common/keystore/resources_test.go index c817c486d65..df35eab689a 100644 --- a/pkg/controller/common/keystore/resources_test.go +++ b/pkg/controller/common/keystore/resources_test.go @@ -7,6 +7,7 @@ package keystore import ( "testing" + commonv1alpha1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1alpha1" "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1alpha1" "github.com/elastic/cloud-on-k8s/pkg/controller/common/driver" watches2 "github.com/elastic/cloud-on-k8s/pkg/controller/common/watches" @@ -39,7 +40,7 @@ var ( "key1": []byte("value1"), }, } - testSecureSettingsSecretRef = corev1.SecretVolumeSource{ + testSecureSettingsSecretRef = commonv1alpha1.SecretSource{ SecretName: testSecureSettingsSecretName, } testKibana = v1alpha1.Kibana{ @@ -54,7 +55,7 @@ var ( }, ObjectMeta: testKibana.ObjectMeta, Spec: v1alpha1.KibanaSpec{ - SecureSettings: []corev1.SecretVolumeSource{testSecureSettingsSecretRef}, + SecureSettings: []commonv1alpha1.SecretSource{testSecureSettingsSecretRef}, }, } ) diff --git a/pkg/controller/common/keystore/user_secret.go b/pkg/controller/common/keystore/user_secret.go index d860b2e5989..7d7779ec11e 100644 --- a/pkg/controller/common/keystore/user_secret.go +++ b/pkg/controller/common/keystore/user_secret.go @@ -9,6 +9,7 @@ import ( "reflect" "strings" + commonv1alpha1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1alpha1" "github.com/elastic/cloud-on-k8s/pkg/controller/common/driver" "github.com/elastic/cloud-on-k8s/pkg/controller/common/events" "github.com/elastic/cloud-on-k8s/pkg/controller/common/finalizer" @@ -140,7 +141,7 @@ func retrieveUserSecrets(c k8s.Client, recorder record.EventRecorder, hasKeystor return userSecrets, nil } -func retrieveUserSecret(c k8s.Client, recorder record.EventRecorder, hasKeystore HasKeystore, secretSrc corev1.SecretVolumeSource) (*corev1.Secret, bool, error) { +func retrieveUserSecret(c k8s.Client, recorder record.EventRecorder, hasKeystore HasKeystore, secretSrc commonv1alpha1.SecretSource) (*corev1.Secret, bool, error) { namespace := hasKeystore.GetNamespace() secretName := secretSrc.SecretName @@ -155,13 +156,13 @@ func retrieveUserSecret(c k8s.Client, recorder record.EventRecorder, hasKeystore return nil, false, err } - // If no items, return the whole user secret - if secretSrc.Items == nil { + // If no entries, return the whole user secret + if secretSrc.Entries == nil { return &userSecret, true, nil } - if len(secretSrc.Items) == 0 { - return nil, false, fmt.Errorf("items is empty in secure settings secret %s", secretName) + if len(secretSrc.Entries) == 0 { + return nil, false, fmt.Errorf("set is empty in secure settings secret %s", secretName) } // Else if items is defined, return only a subset of the user secret @@ -169,19 +170,19 @@ func retrieveUserSecret(c k8s.Client, recorder record.EventRecorder, hasKeystore ObjectMeta: userSecret.ObjectMeta, Data: map[string][]byte{}, } - for _, item := range secretSrc.Items { - if item.Key == "" { + for _, entry := range secretSrc.Entries { + if entry.Key == "" { return nil, false, fmt.Errorf("key is empty in secure settings secret %s", secretName) } - newKey := item.Path + newKey := entry.Path if newKey == "" { - newKey = item.Key + newKey = entry.Key } - value, ok := userSecret.Data[item.Key] + value, ok := userSecret.Data[entry.Key] if !ok { - return nil, false, fmt.Errorf("key %s not found in secure settings secret %s", item.Key, secretName) + return nil, false, fmt.Errorf("key %s not found in secure settings secret %s", entry.Key, secretName) } projectionSecret.Data[newKey] = value @@ -205,7 +206,7 @@ func secureSettingsWatchName(namespacedName types.NamespacedName) string { // Only one watch per cluster is registered: // - if it already exists with a different secret, it is replaced to watch the new secret. // - if the given user secret is nil, the watch is removed. -func watchSecureSettings(watched watches.DynamicWatches, secureSettingsRef []corev1.SecretVolumeSource, nn types.NamespacedName) error { +func watchSecureSettings(watched watches.DynamicWatches, secureSettingsRef []commonv1alpha1.SecretSource, nn types.NamespacedName) error { watchName := secureSettingsWatchName(nn) if secureSettingsRef == nil { watched.Secrets.RemoveHandlerForKey(watchName) diff --git a/pkg/controller/common/keystore/user_secret_test.go b/pkg/controller/common/keystore/user_secret_test.go index 0ed4c185edc..c90a12f4a59 100644 --- a/pkg/controller/common/keystore/user_secret_test.go +++ b/pkg/controller/common/keystore/user_secret_test.go @@ -8,6 +8,7 @@ import ( "reflect" "testing" + commonv1alpha1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1alpha1" "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1alpha1" "github.com/elastic/cloud-on-k8s/pkg/controller/common/driver" "github.com/elastic/cloud-on-k8s/pkg/controller/common/name" @@ -341,19 +342,19 @@ func Test_retrieveUserSecrets(t *testing.T) { Namespace: "ns", }, Spec: v1alpha1.KibanaSpec{ - SecureSettings: []corev1.SecretVolumeSource{}, + SecureSettings: []commonv1alpha1.SecretSource{}, }, } tests := []struct { name string - args []corev1.SecretVolumeSource + args []commonv1alpha1.SecretSource want []corev1.Secret wantErr bool }{ { name: "secure settings secret with only secret name should be retrieved", - args: []corev1.SecretVolumeSource{ + args: []commonv1alpha1.SecretSource{ { SecretName: testSecretName, }, @@ -363,10 +364,10 @@ func Test_retrieveUserSecrets(t *testing.T) { }, { name: "secure settings secret with empty items should fail", - args: []corev1.SecretVolumeSource{ + args: []commonv1alpha1.SecretSource{ { SecretName: testSecretName, - Items: []corev1.KeyToPath{}, + Entries: []commonv1alpha1.KeyToPath{}, }, }, want: nil, @@ -374,10 +375,10 @@ func Test_retrieveUserSecrets(t *testing.T) { }, { name: "secure settings secret with invalid key should fail", - args: []corev1.SecretVolumeSource{ + args: []commonv1alpha1.SecretSource{ { SecretName: testSecretName, - Items: []corev1.KeyToPath{ + Entries: []commonv1alpha1.KeyToPath{ {Key: "unknown"}, }, }, @@ -387,10 +388,10 @@ func Test_retrieveUserSecrets(t *testing.T) { }, { name: "secure settings secret with valid key should be retrieved", - args: []corev1.SecretVolumeSource{ + args: []commonv1alpha1.SecretSource{ { SecretName: testSecretName, - Items: []corev1.KeyToPath{ + Entries: []commonv1alpha1.KeyToPath{ {Key: "key2"}, }, }, @@ -408,10 +409,10 @@ func Test_retrieveUserSecrets(t *testing.T) { }, { name: "secure settings secret with valid key and path should be retrieved", - args: []corev1.SecretVolumeSource{ + args: []commonv1alpha1.SecretSource{ { SecretName: testSecretName, - Items: []corev1.KeyToPath{ + Entries: []commonv1alpha1.KeyToPath{ {Key: "key1"}, {Key: "key3", Path: "newKey"}, },