From e858aebab3efb033e065f35f7431aa64c12d6d2c Mon Sep 17 00:00:00 2001 From: Ismail Kaboubi Date: Tue, 24 Sep 2024 15:35:57 +0200 Subject: [PATCH] hotfix: enable external secret stores panic (#19) * hotfix: enable external secret stores panic Signed-off-by: Ismail KABOUBI * goimported Signed-off-by: Ismail KABOUBI * fix up_version in makefile Signed-off-by: Ismail KABOUBI * update gitsubmodule Signed-off-by: Ismail KABOUBI * fix crossplane version for local-deploy Signed-off-by: Ismail KABOUBI --------- Signed-off-by: Ismail KABOUBI --- .gitmodules | 2 +- Makefile | 7 ++-- apis/cloud/v1alpha1/zz_generated.deepcopy.go | 2 +- apis/cloud/v1alpha1/zz_generated.resolvers.go | 1 + .../gateway/v1alpha1/zz_generated.deepcopy.go | 2 +- .../v1alpha1/zz_generated.resolvers.go | 1 + apis/kube/v1alpha1/zz_generated.deepcopy.go | 2 +- apis/kube/v1alpha1/zz_generated.resolvers.go | 1 + apis/me/v1alpha1/zz_generated.deepcopy.go | 2 +- apis/me/v1alpha1/zz_generated.resolvers.go | 1 + .../network/v1alpha1/zz_generated.deepcopy.go | 2 +- .../v1alpha1/zz_generated.resolvers.go | 1 + .../v1alpha1/zz_generated.deepcopy.go | 2 +- .../v1alpha1/zz_generated.resolvers.go | 1 + build | 2 +- cmd/provider/main.go | 19 +++++++--- examples/databases/privatenetwork.yaml | 16 +++++++++ examples/databases/redis.yaml | 34 ++++++++++++++++++ examples/databases/subnet.yaml | 19 ++++++++++ .../databases/user-with-store-config.yaml | 35 +++++++++++++++++++ examples/databases/user.yaml | 22 ++++++++++++ examples/install.yaml | 7 ++-- 22 files changed, 164 insertions(+), 17 deletions(-) create mode 100644 examples/databases/privatenetwork.yaml create mode 100644 examples/databases/redis.yaml create mode 100644 examples/databases/subnet.yaml create mode 100644 examples/databases/user-with-store-config.yaml create mode 100644 examples/databases/user.yaml diff --git a/.gitmodules b/.gitmodules index c2fad47..8f84209 100644 --- a/.gitmodules +++ b/.gitmodules 
@@ -1,3 +1,3 @@ [submodule "build"] path = build - url = https://github.com/upbound/build + url = https://github.com/crossplane/build diff --git a/Makefile b/Makefile index 2160f20..7bf8e37 100644 --- a/Makefile +++ b/Makefile @@ -50,10 +50,11 @@ GO_SUBDIRS += cmd internal apis # ==================================================================================== # Setup Kubernetes tools -KIND_VERSION = v0.15.0 -UP_VERSION = v0.18.0 +KIND_VERSION = v0.24.0 +UP_VERSION = v0.33.0 UP_CHANNEL = stable -UPTEST_VERSION = v0.5.0 +UPTEST_VERSION = v1.1.2 +CROSSPLANE_VERSION = v1.17.1 -include build/makelib/k8s_tools.mk # ==================================================================================== diff --git a/apis/cloud/v1alpha1/zz_generated.deepcopy.go b/apis/cloud/v1alpha1/zz_generated.deepcopy.go index 8a29d38..55e77ef 100644 --- a/apis/cloud/v1alpha1/zz_generated.deepcopy.go +++ b/apis/cloud/v1alpha1/zz_generated.deepcopy.go @@ -9,7 +9,7 @@ Copyright 2022 Upbound Inc. package v1alpha1 import ( - "github.com/crossplane/crossplane-runtime/apis/common/v1" + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) diff --git a/apis/cloud/v1alpha1/zz_generated.resolvers.go b/apis/cloud/v1alpha1/zz_generated.resolvers.go index 3edc426..0634453 100644 --- a/apis/cloud/v1alpha1/zz_generated.resolvers.go +++ b/apis/cloud/v1alpha1/zz_generated.resolvers.go @@ -7,6 +7,7 @@ package v1alpha1 import ( "context" + reference "github.com/crossplane/crossplane-runtime/pkg/reference" errors "github.com/pkg/errors" client "sigs.k8s.io/controller-runtime/pkg/client" diff --git a/apis/gateway/v1alpha1/zz_generated.deepcopy.go b/apis/gateway/v1alpha1/zz_generated.deepcopy.go index 0062d83..21075d4 100644 --- a/apis/gateway/v1alpha1/zz_generated.deepcopy.go +++ b/apis/gateway/v1alpha1/zz_generated.deepcopy.go 
@@ -9,7 +9,7 @@ Copyright 2022 Upbound Inc. package v1alpha1 import ( - "github.com/crossplane/crossplane-runtime/apis/common/v1" + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) diff --git a/apis/gateway/v1alpha1/zz_generated.resolvers.go b/apis/gateway/v1alpha1/zz_generated.resolvers.go index 0978471..5bb41da 100644 --- a/apis/gateway/v1alpha1/zz_generated.resolvers.go +++ b/apis/gateway/v1alpha1/zz_generated.resolvers.go @@ -7,6 +7,7 @@ package v1alpha1 import ( "context" + reference "github.com/crossplane/crossplane-runtime/pkg/reference" v1alpha1 "github.com/edixos/provider-ovh/apis/network/v1alpha1" errors "github.com/pkg/errors" diff --git a/apis/kube/v1alpha1/zz_generated.deepcopy.go b/apis/kube/v1alpha1/zz_generated.deepcopy.go index f6c62ce..e9da839 100644 --- a/apis/kube/v1alpha1/zz_generated.deepcopy.go +++ b/apis/kube/v1alpha1/zz_generated.deepcopy.go @@ -9,7 +9,7 @@ Copyright 2022 Upbound Inc. package v1alpha1 import ( - "github.com/crossplane/crossplane-runtime/apis/common/v1" + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) diff --git a/apis/kube/v1alpha1/zz_generated.resolvers.go b/apis/kube/v1alpha1/zz_generated.resolvers.go index 93bde98..e6aed91 100644 --- a/apis/kube/v1alpha1/zz_generated.resolvers.go +++ b/apis/kube/v1alpha1/zz_generated.resolvers.go @@ -7,6 +7,7 @@ package v1alpha1 import ( "context" + reference "github.com/crossplane/crossplane-runtime/pkg/reference" v1alpha1 "github.com/edixos/provider-ovh/apis/network/v1alpha1" errors "github.com/pkg/errors" diff --git a/apis/me/v1alpha1/zz_generated.deepcopy.go b/apis/me/v1alpha1/zz_generated.deepcopy.go index 84cb8db..8da52c7 100644 --- a/apis/me/v1alpha1/zz_generated.deepcopy.go +++ b/apis/me/v1alpha1/zz_generated.deepcopy.go 
@@ -9,7 +9,7 @@ Copyright 2022 Upbound Inc. package v1alpha1 import ( - "github.com/crossplane/crossplane-runtime/apis/common/v1" + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) diff --git a/apis/me/v1alpha1/zz_generated.resolvers.go b/apis/me/v1alpha1/zz_generated.resolvers.go index 3958e75..d10a86d 100644 --- a/apis/me/v1alpha1/zz_generated.resolvers.go +++ b/apis/me/v1alpha1/zz_generated.resolvers.go @@ -7,6 +7,7 @@ package v1alpha1 import ( "context" + reference "github.com/crossplane/crossplane-runtime/pkg/reference" errors "github.com/pkg/errors" client "sigs.k8s.io/controller-runtime/pkg/client" diff --git a/apis/network/v1alpha1/zz_generated.deepcopy.go b/apis/network/v1alpha1/zz_generated.deepcopy.go index 2777ebf..ad0a6ad 100644 --- a/apis/network/v1alpha1/zz_generated.deepcopy.go +++ b/apis/network/v1alpha1/zz_generated.deepcopy.go @@ -9,7 +9,7 @@ Copyright 2022 Upbound Inc. package v1alpha1 import ( - "github.com/crossplane/crossplane-runtime/apis/common/v1" + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) diff --git a/apis/network/v1alpha1/zz_generated.resolvers.go b/apis/network/v1alpha1/zz_generated.resolvers.go index cdd527e..a699769 100644 --- a/apis/network/v1alpha1/zz_generated.resolvers.go +++ b/apis/network/v1alpha1/zz_generated.resolvers.go @@ -7,6 +7,7 @@ package v1alpha1 import ( "context" + reference "github.com/crossplane/crossplane-runtime/pkg/reference" errors "github.com/pkg/errors" client "sigs.k8s.io/controller-runtime/pkg/client" diff --git a/apis/registry/v1alpha1/zz_generated.deepcopy.go b/apis/registry/v1alpha1/zz_generated.deepcopy.go index 7089b7e..575cc8d 100644 --- a/apis/registry/v1alpha1/zz_generated.deepcopy.go +++ b/apis/registry/v1alpha1/zz_generated.deepcopy.go 
@@ -9,7 +9,7 @@ Copyright 2022 Upbound Inc. package v1alpha1 import ( - "github.com/crossplane/crossplane-runtime/apis/common/v1" + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) diff --git a/apis/registry/v1alpha1/zz_generated.resolvers.go b/apis/registry/v1alpha1/zz_generated.resolvers.go index e28f75b..2c7e475 100644 --- a/apis/registry/v1alpha1/zz_generated.resolvers.go +++ b/apis/registry/v1alpha1/zz_generated.resolvers.go @@ -7,6 +7,7 @@ package v1alpha1 import ( "context" + reference "github.com/crossplane/crossplane-runtime/pkg/reference" errors "github.com/pkg/errors" client "sigs.k8s.io/controller-runtime/pkg/client" diff --git a/build b/build index bd5297b..3cf6663 160000 --- a/build +++ b/build @@ -1 +1 @@ -Subproject commit bd5297bd16c113cbc5ed1905b1d96aa1cb3078ec +Subproject commit 3cf6663fafcf22f5cb3e7b90cf21d981faa52230 diff --git a/cmd/provider/main.go b/cmd/provider/main.go index 3bf8fb7..17b2ddc 100644 --- a/cmd/provider/main.go +++ b/cmd/provider/main.go @@ -10,6 +10,8 @@ import ( "path/filepath" "time" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" "github.com/crossplane/crossplane-runtime/pkg/feature" 
@@ -43,10 +45,10 @@ func main() {
 leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool()
 maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at which resources may be checked for drift from the desired state.").Default("10").Int()
- terraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String()
- providerSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String()
- providerVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String()
-
+ terraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String()
+ providerSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String()
+ providerVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String()
+ essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String()
 namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String()
 enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool()
 enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool()
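Review bot: The help text of the new `ess-tls-cert-dir` flag does not say which files the directory must contain, although the later `main.go` hunk joins the path with `ca.crt`, `tls.crt` and `tls.key`. I would spell that out, e.g. `"Directory containing ca.crt, tls.crt and tls.key used for ESS mTLS."`, so a wrong mount is diagnosable from `--help` and not only from the fatal error at startup. The flag name says `cert` while the environment variable says `CERTS` (`ESS_TLS_CERTS_DIR`); unless that spelling is inherited from a template you want to stay compatible with, aligning the two avoids a silently ignored setting. The enclosing `var (...)` block in `main` starts and ends outside the hunk.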
@@ -99,6 +101,15 @@ func main() {
 o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind
 log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores)
+ o.ESSOptions = &tjcontroller.ESSOptions{}
+ if *essTLSCertsPath != "" {
+ log.Info("ESS TLS certificates path is set. Loading mTLS configuration.")
+ tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false)
+ kingpin.FatalIfError(err, "Cannot load ESS TLS config.")
+
+ o.ESSOptions.TLSConfig = tCfg
+ }
+
 // Ensure default store config exists.
 kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{
 ObjectMeta: metav1.ObjectMeta{
diff --git a/examples/databases/privatenetwork.yaml b/examples/databases/privatenetwork.yaml
new file mode 100644
index 0000000..f4d1155
--- /dev/null
+++ b/examples/databases/privatenetwork.yaml
@@ -0,0 +1,16 @@
+apiVersion: network.ovh.edixos.io/v1alpha1
+kind: PrivateNetwork
+metadata:
+ name: sample-1
+ labels:
+ managed-by: crossplane
+spec:
+ providerConfigRef:
+ name: default
+ forProvider:
+ name: sample-1
+ serviceName: 21658141411b4c9bb0bf863be8e8c369
+ regions:
+ - GRA11
+
+
diff --git a/examples/databases/redis.yaml b/examples/databases/redis.yaml
new file mode 100644
index 0000000..651bb39
--- /dev/null
+++ b/examples/databases/redis.yaml
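Review bot: When external secret stores are enabled but `ESS_TLS_CERTS_DIR` is empty, `o.ESSOptions.TLSConfig` stays nil and nothing is logged, so an operator cannot tell from the logs that the ESS client was configured without mTLS material. How the controller options treat a nil `TLSConfig` is not visible in this diff, so I would at least make the state explicit with an `else` branch such as `log.Info("ESS TLS certificates path is not set; no mTLS configuration loaded for ESS")`. A short comment on the trailing `false` passed to `certificates.LoadMTLSConfig` would also help; it presumably selects the client-side configuration, which is worth confirming against crossplane-runtime. The enclosing block in `main` starts before the hunk and continues after it.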
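Review bot: `serviceName: 21658141411b4c9bb0bf863be8e8c369` in `examples/databases/privatenetwork.yaml` looks like a concrete cloud project identifier and not a sample value. The same value is repeated in `redis.yaml`, `subnet.yaml`, `user.yaml` and `user-with-store-config.yaml`, next to specific `networkId`, `subnetId` and `clusterId` UUIDs. If these belong to a live tenant, I would swap them for clearly marked placeholders such as `serviceName: <your-project-id>`, so the repository does not publish account identifiers and nobody applies the examples unchanged against someone else's project.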
@@ -0,0 +1,34 @@
+apiVersion: databases.ovh.edixos.io/v1alpha1
+kind: ProjectDatabase
+metadata:
+ name: demo-0
+ namespace: default
+spec:
+ providerConfigRef:
+ name: default
+ forProvider:
+ serviceName: 21658141411b4c9bb0bf863be8e8c369
+ engine: redis
+ version: "7.0"
+ plan: "essential"
+ flavor: db1-4
+ nodes:
+ - networkId: 0c2bf126-396d-4de2-bc1e-b9bfbd54bdfb
+ subnetId: c63562ac-d061-4c8f-b65f-2e72e4db8a25
+ region: GRA
+ writeConnectionSecretToRef:
+ name: redis-demo-0
+ namespace: default
+# publishConnectionDetailsTo:
+# configRef:
+# # name: staging-01
+# name: staging-01
+# name: redis-demo-0
+#---
+#apiVersion: ovh.edixos.io/v1alpha1
+#kind: StoreConfig
+#metadata:
+# name: staging-01
+#spec:
+# defaultScope: crossplane-system
+# type: Kubernetes
\ No newline at end of file
diff --git a/examples/databases/subnet.yaml b/examples/databases/subnet.yaml
new file mode 100644
index 0000000..561b761
--- /dev/null
+++ b/examples/databases/subnet.yaml
@@ -0,0 +1,19 @@
+apiVersion: network.ovh.edixos.io/v1alpha1
+kind: Subnet
+metadata:
+ name: subnet-1
+ labels:
+ managed-by: crossplane
+spec:
+ providerConfigRef:
+ name: default
+ forProvider:
+ serviceName: 21658141411b4c9bb0bf863be8e8c369
+ networkIdRef:
+ name: sample-1
+ region: GRA11
+ start: 192.168.168.100
+ end: 192.168.168.200
+ network: 192.168.168.0/24
+ dhcp: true
+ noGateway: false
\ No newline at end of file
diff --git a/examples/databases/user-with-store-config.yaml b/examples/databases/user-with-store-config.yaml
new file mode 100644
index 0000000..fedded6
--- /dev/null
+++ b/examples/databases/user-with-store-config.yaml
@@ -0,0 +1,35 @@
+apiVersion: databases.ovh.edixos.io/v1alpha1
+kind: ProjectDatabaseRedisUser
+metadata:
+ name: user-1
+ labels:
+ managed-by: crossplane
+spec:
+ forProvider:
+ serviceName: 21658141411b4c9bb0bf863be8e8c369
+ clusterId: e6d531ef-acb5-4a73-b0b6-9205a729f8f5
+ channels:
+ - "*"
+ commands:
+ - +get
+ - -set
+ keys:
+ - data
+ - properties
+ name: user-1
+ publishConnectionDetailsTo:
+ name: user-1
+ metadata:
+ labels:
+ managed-by: crossplane
+ configRef:
+ name: staging-01
+---
+apiVersion: ovh.edixos.io/v1alpha1
+kind: StoreConfig
+metadata:
+ name: staging-01
+spec:
+ defaultScope: default
+ type: Kubernetes
+
diff --git a/examples/databases/user.yaml b/examples/databases/user.yaml
new file mode 100644
index 0000000..742ef67
--- /dev/null
+++ b/examples/databases/user.yaml
@@ -0,0 +1,22 @@
+apiVersion: databases.ovh.edixos.io/v1alpha1
+kind: ProjectDatabaseRedisUser
+metadata:
+ name: user-1
+ labels:
+ managed-by: crossplane
+spec:
+ forProvider:
+ serviceName: 21658141411b4c9bb0bf863be8e8c369
+ clusterId: e6d531ef-acb5-4a73-b0b6-9205a729f8f5
+ channels:
+ - "*"
+ commands:
+ - +get
+ - -set
+ keys:
+ - data
+ - properties
+ name: user-1
+ writeConnectionSecretToRef:
+ name: user-1
+ namespace: default
\ No newline at end of file
diff --git a/examples/install.yaml b/examples/install.yaml
index a981df4..f59d665 100644
--- a/examples/install.yaml
+++ b/examples/install.yaml
@@ -3,7 +3,7 @@ kind: Provider
 metadata:
 name: provider-ovh
 spec:
- package: xpkg.upbound.io/edixos/provider-ovh:v0.1.4
+ package: xpkg.upbound.io/edixos/provider-ovh:v0.40.0
 runtimeConfigRef:
 name: provider-ovh
 ---
@@ -20,4 +20,7 @@ spec:
 containers:
 - name: package-runtime
 args:
- - --debug
\ No newline at end of file
+ - --debug
+ - --enable-management-policies
+ - --enable-external-secret-stores
+
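Review bot: The `StoreConfig` in `examples/databases/user-with-store-config.yaml` sets `defaultScope: default`, so the Redis user's connection details are published into the `default` namespace, which in many clusters is readable by far more subjects than a dedicated one. The commented-out StoreConfig in `redis.yaml` and the provider's own `namespace` flag default both use `crossplane-system`, so I would use `defaultScope: crossplane-system` here as well, or a dedicated namespace with restricted RBAC. The file also has no comment saying that `publishConnectionDetailsTo` depends on the provider running with the alpha ESS flag; a leading line such as `# Requires --enable-external-secret-stores (alpha) on the provider.` would save readers a debugging round.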
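Review bot: The added `--enable-external-secret-stores` argument in `examples/install.yaml` turns an alpha feature on for everyone who copies the base install manifest, and it sits next to `--debug`, which is not something to carry into a production runtime config. I would either move the ESS arguments to a separate example or annotate them, e.g. `# alpha: only needed for the publishConnectionDetailsTo / StoreConfig examples`. `--enable-management-policies` is redundant as written, because that flag already defaults to `true` in `cmd/provider/main.go` (visible in the flag hunk of this patch). No `ESS_TLS_CERTS_DIR` is set in this manifest, so the new mTLS branch in `main.go` stays inactive when it is applied as shown.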