Support []string and map[string]string secret properties

This resolves Azure#3435. []string is transformed into []genruntime.SecretReference. map[string]string is transformed into a new type genruntime.SecretCollectionReference. Unlike genruntime.SecretReference, SecretCollectionReference refers to an entire secret rather than only some parts of it. This is required to keep the keys of the map secret too. It also presents a slightly cleaner user interface than map[string]genruntime.SecretReference would have.
matthchr · Jan 25, 2024 · d2e0adc · d2e0adc
1 parent 0c24b32
commit d2e0adc
Show file tree

Hide file tree

Showing 27 changed files with 792 additions and 84 deletions.
diff --git a/v2/api/containerinstance/v1api20211001/container_group_spec_arm_types_gen.go b/v2/api/containerinstance/v1api20211001/container_group_spec_arm_types_gen.go
diff --git a/v2/api/containerinstance/v1api20211001/container_group_spec_arm_types_gen_test.go b/v2/api/containerinstance/v1api20211001/container_group_spec_arm_types_gen_test.go
diff --git a/v2/api/containerinstance/v1api20211001/container_group_types_gen.go b/v2/api/containerinstance/v1api20211001/container_group_types_gen.go
diff --git a/v2/api/containerinstance/v1api20211001/structure.txt b/v2/api/containerinstance/v1api20211001/structure.txt
@@ -83,7 +83,7 @@ github.com/Azure/azure-service-operator/v2/api/containerinstance/v1api20211001
 │   │   │       │   └── "ContainerInstanceLogs"
 │   │   │       ├── Metadata: map[string]string
 │   │   │       ├── WorkspaceId: *string
-│   │   │       ├── WorkspaceKey: genruntime.SecretReference
+│   │   │       ├── WorkspaceKey: *genruntime.SecretReference
 │   │   │       └── WorkspaceResourceReference: *genruntime.ResourceReference
 │   │   ├── DnsConfig: *Object (3 properties)
 │   │   │   ├── NameServers: string[]
@@ -687,7 +687,7 @@ github.com/Azure/azure-service-operator/v2/api/containerinstance/v1api20211001
     │   │       │   └── "ContainerInstanceLogs"
     │   │       ├── Metadata: map[string]string
     │   │       ├── WorkspaceId: *string
-    │   │       ├── WorkspaceKey: string
+    │   │       ├── WorkspaceKey: *string
     │   │       └── WorkspaceResourceId: *string
     │   ├── DnsConfig: *Object (3 properties)
     │   │   ├── NameServers: string[]

diff --git a/v2/api/dbformariadb/v1api20180601/server_spec_arm_types_gen.go b/v2/api/dbformariadb/v1api20180601/server_spec_arm_types_gen.go
diff --git a/v2/api/dbformariadb/v1api20180601/server_spec_arm_types_gen_test.go b/v2/api/dbformariadb/v1api20180601/server_spec_arm_types_gen_test.go
diff --git a/v2/api/dbformariadb/v1api20180601/server_types_gen.go b/v2/api/dbformariadb/v1api20180601/server_types_gen.go
diff --git a/v2/api/dbformariadb/v1api20180601/structure.txt b/v2/api/dbformariadb/v1api20180601/structure.txt
@@ -46,7 +46,7 @@ github.com/Azure/azure-service-operator/v2/api/dbformariadb/v1api20180601
 │   │   ├── Properties: *Object (4 properties)
 │   │   │   ├── Default: *Object (8 properties)
 │   │   │   │   ├── AdministratorLogin: *string
-│   │   │   │   ├── AdministratorLoginPassword: genruntime.SecretReference
+│   │   │   │   ├── AdministratorLoginPassword: *genruntime.SecretReference
 │   │   │   │   ├── CreateMode: *Enum (1 value)
 │   │   │   │   │   └── "Default"
 │   │   │   │   ├── MinimalTlsVersion: *Enum (4 values)
@@ -309,7 +309,7 @@ github.com/Azure/azure-service-operator/v2/api/dbformariadb/v1api20180601
 │   ├── Properties: *Object (4 properties)
 │   │   ├── Default: *Object (8 properties)
 │   │   │   ├── AdministratorLogin: *string
-│   │   │   ├── AdministratorLoginPassword: string
+│   │   │   ├── AdministratorLoginPassword: *string
 │   │   │   ├── CreateMode: Enum (1 value)
 │   │   │   │   └── "Default"
 │   │   │   ├── MinimalTlsVersion: *Enum (4 values)

diff --git a/v2/api/devices/v1api20210702/iot_hub_spec_arm_types_gen.go b/v2/api/devices/v1api20210702/iot_hub_spec_arm_types_gen.go
diff --git a/v2/api/devices/v1api20210702/iot_hub_spec_arm_types_gen_test.go b/v2/api/devices/v1api20210702/iot_hub_spec_arm_types_gen_test.go
diff --git a/v2/api/devices/v1api20210702/iot_hub_types_gen.go b/v2/api/devices/v1api20210702/iot_hub_types_gen.go
diff --git a/v2/api/devices/v1api20210702/structure.txt b/v2/api/devices/v1api20210702/structure.txt
@@ -200,7 +200,7 @@ github.com/Azure/azure-service-operator/v2/api/devices/v1api20210702
 │   │   │       ├── AuthenticationType: *Enum (2 values)
 │   │   │       │   ├── "identityBased"
 │   │   │       │   └── "keyBased"
-│   │   │       ├── ConnectionString: genruntime.SecretReference
+│   │   │       ├── ConnectionString: *genruntime.SecretReference
 │   │   │       ├── ContainerName: *string
 │   │   │       ├── Identity: *Object (1 property)
 │   │   │       │   └── UserAssignedIdentity: *string
@@ -803,7 +803,7 @@ github.com/Azure/azure-service-operator/v2/api/devices/v1api20210702
     │       ├── AuthenticationType: *Enum (2 values)
     │       │   ├── "identityBased"
     │       │   └── "keyBased"
-    │       ├── ConnectionString: string
+    │       ├── ConnectionString: *string
     │       ├── ContainerName: *string
     │       ├── Identity: *Object (1 property)
     │       │   └── UserAssignedIdentity: *string

diff --git a/v2/internal/reflecthelpers/reflect_helpers.go b/v2/internal/reflecthelpers/reflect_helpers.go
@@ -120,6 +120,11 @@ func FindSecretReferences(obj interface{}) (set.Set[genruntime.SecretReference],
 	return Find[genruntime.SecretReference](obj)
 }
 
+// FindSecretCollections finds all the genruntime.SecretCollectionReference's on the provided object
+func FindSecretCollections(obj interface{}) (set.Set[genruntime.SecretCollectionReference], error) {
+	return Find[genruntime.SecretCollectionReference](obj)
+}
+
 // FindConfigMapReferences finds all the genruntime.ConfigMapReference's on the provided object
 func FindConfigMapReferences(obj interface{}) (set.Set[genruntime.ConfigMapReference], error) {
 	return Find[genruntime.ConfigMapReference](obj)

diff --git a/v2/internal/resolver/resolver.go b/v2/internal/resolver/resolver.go
@@ -25,18 +25,20 @@ import (
 )
 
 type Resolver struct {
-	client                   kubeclient.Client
-	kubeSecretResolver       SecretResolver
-	kubeConfigMapResolver    ConfigMapResolver
-	reconciledResourceLookup map[schema.GroupKind]schema.GroupVersionKind
+	client                       kubeclient.Client
+	kubeSecretResolver           SecretResolver
+	kubeSecretCollectionResolver SecretCollectionResolver
+	kubeConfigMapResolver        ConfigMapResolver
+	reconciledResourceLookup     map[schema.GroupKind]schema.GroupVersionKind
 }
 
 func NewResolver(client kubeclient.Client) *Resolver {
 	return &Resolver{
-		client:                   client,
-		kubeSecretResolver:       NewKubeSecretResolver(client),
-		kubeConfigMapResolver:    NewKubeConfigMapResolver(client),
-		reconciledResourceLookup: make(map[schema.GroupKind]schema.GroupVersionKind),
+		client:                       client,
+		kubeSecretResolver:           NewKubeSecretResolver(client),
+		kubeSecretCollectionResolver: NewKubeSecretCollectionResolver(client),
+		kubeConfigMapResolver:        NewKubeConfigMapResolver(client),
+		reconciledResourceLookup:     make(map[schema.GroupKind]schema.GroupVersionKind),
 	}
 }
 
@@ -308,7 +310,40 @@ func (r *Resolver) ResolveResourceSecretReferences(ctx context.Context, metaObje
 	// resolve them
 	resolvedSecrets, err := r.ResolveSecretReferences(ctx, namespacedSecretRefs)
 	if err != nil {
-		return genruntime.Resolved[genruntime.SecretReference]{}, errors.Wrapf(err, "failed resolving secret references")
+		return genruntime.Resolved[genruntime.SecretReference, string]{}, errors.Wrapf(err, "failed resolving secret references")
+	}
+
+	return resolvedSecrets, nil
+}
+
+// ResolveSecretCollectionReferences resolves all provided secret collection references
+func (r *Resolver) ResolveSecretCollectionReferences(
+	ctx context.Context,
+	refs set.Set[genruntime.NamespacedSecretCollectionReference],
+) (genruntime.Resolved[genruntime.SecretCollectionReference, map[string]string], error) {
+	return r.kubeSecretCollectionResolver.ResolveSecretCollectionReferences(ctx, refs)
+}
+
+// ResolveResourceSecretCollectionReferences resolves all of the specified genruntime.MetaObject's secret collections.
+func (r *Resolver) ResolveResourceSecretCollectionReferences(
+	ctx context.Context,
+	metaObject genruntime.MetaObject,
+) (genruntime.Resolved[genruntime.SecretCollectionReference, map[string]string], error) {
+	refs, err := reflecthelpers.FindSecretCollections(metaObject)
+	if err != nil {
+		return genruntime.Resolved[genruntime.SecretCollectionReference, map[string]string]{}, errors.Wrapf(err, "finding secrets on %q", metaObject.GetName())
+	}
+
+	// Include the namespace
+	namespacedSecretRefs := set.Make[genruntime.NamespacedSecretCollectionReference]()
+	for ref := range refs {
+		namespacedSecretRefs.Add(ref.AsNamespacedRef(metaObject.GetNamespace()))
+	}
+
+	// resolve them
+	resolvedSecrets, err := r.ResolveSecretCollectionReferences(ctx, namespacedSecretRefs)
+	if err != nil {
+		return genruntime.Resolved[genruntime.SecretCollectionReference, map[string]string]{}, errors.Wrapf(err, "failed resolving secret references")
 	}
 
 	return resolvedSecrets, nil
@@ -365,17 +400,23 @@ func (r *Resolver) ResolveAll(ctx context.Context, metaObject genruntime.ARMMeta
 		return nil, genruntime.ConvertToARMResolvedDetails{}, err
 	}
 
+	resolvedSecretCollections, err := r.ResolveResourceSecretCollectionReferences(ctx, metaObject)
+	if err != nil {
+		return nil, genruntime.ConvertToARMResolvedDetails{}, err
+	}
+
 	// Resolve all configmaps
 	resolvedConfigMaps, err := r.ResolveResourceConfigMapReferences(ctx, metaObject)
 	if err != nil {
 		return nil, genruntime.ConvertToARMResolvedDetails{}, err
 	}
 
 	resolvedDetails := genruntime.ConvertToARMResolvedDetails{
-		Name:               resourceHierarchy.AzureName(),
-		ResolvedReferences: resolvedRefs,
-		ResolvedSecrets:    resolvedSecrets,
-		ResolvedConfigMaps: resolvedConfigMaps,
+		Name:                      resourceHierarchy.AzureName(),
+		ResolvedReferences:        resolvedRefs,
+		ResolvedSecrets:           resolvedSecrets,
+		ResolvedSecretCollections: resolvedSecretCollections,
+		ResolvedConfigMaps:        resolvedConfigMaps,
 	}
 
 	return resourceHierarchy, resolvedDetails, nil