Add Direct Secret Reference extension

Direct Secret Reference extension allows Service Binding resource with the service directly pointing to a secret resource. This address the "Native Bindings" issue #92 Signed-off-by: Baiju Muthukadan <baiju.m.mail@gmail.com> Co-authored-by: Scott Andrews <scott@andrews.me> Signed-off-by: Baiju Muthukadan <baiju.m.mail@gmail.com>
servicebinding · Sep 22, 2020 · 37c9037 · 37c9037
1 parent 011a039
commit 37c9037
Showing 1 changed file with 35 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -59,6 +59,8 @@ Behavior within the project is governed by the [Contributor Covenant Code of Con
     - [Custom Projection Service Binding Example Resource](#custom-projection-service-binding-example-resource)
     - [Resource Type Schema](#resource-type-schema-2)
     - [Service Binding Projection Example Resource](#service-binding-projection-example-resource)
+  - [Direct Secret Reference](#direct-secret-reference)
+    - [Direct Secret Reference Example Resource](#direct-secret-reference-example-resource)
   - [Binding `Secret` Generation Strategies](#binding-secret-generation-strategies)
     - [OLM Operator Descriptors](#olm-operator-descriptors)
     - [Descriptor Examples](#descriptor-examples)
@@ -492,6 +494,39 @@ status:
     status: 'True'
 ```
 
+## Direct Secret Reference
+
+There are scenarios where an appropriate resource conforming to the Provisioned Service duck-type does not exist, but there is a `Secret` available for binding.  This extension allows a `ServiceBinding` resource to directly reference a secret.
+
+When the `.spec.service.kind` attribute is `Secret` and `.spec.service.apiVersion` is `v1`, the `.spec.service.name` attribute **MUST** be treated as `.status.binding.name` for a Provisioned Service.
+
+### Direct Secret Reference Example Resource
+
+```yaml
+apiVersion: service.binding/v1alpha2
+kind: ServiceBinding
+metadata:
+  name: account-service
+
+spec:
+  application:
+    apiVersion: apps/v1
+    kind:       Deployment
+    name:       online-banking
+
+  service:
+    apiVersion: v1
+    kind:       Secret
+    name:       prod-account-service-secret
+
+status:
+  binding:
+    name: prod-account-service-reference
+  conditions:
+  - type:   Ready
+    status: 'True'
+```
+
 ## Binding `Secret` Generation Strategies
 
 Many services, especially initially, will not be Provisioned Service-compliant.  These services will expose the appropriate binding `Secret` information, but not in the way that the specification or applications expect.  Users should have a way of describing a mapping from existing data associated with arbitrary resources and CRDs to a representation of a binding `Secret`.