Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle sensitive input maps via SecretReference #138

Merged
merged 3 commits into from
Nov 15, 2022
Merged

Handle sensitive input maps via SecretReference #138

merged 3 commits into from
Nov 15, 2022

Conversation

turkenh
Copy link
Member

@turkenh turkenh commented Nov 11, 2022
edited
Loading

Description of your changes

This PR fixes the issues we are having with sensitive input fields of type map by using a SecretReference as the data type.

Fixes #134

I have:

  • Read and followed Crossplane's contribution process.
  • Run make reviewable to ensure this PR is ready for review.
  • Added backport release-x.y labels to auto-backport this PR if necessary.

How has this code been tested

Tested with aws_glue_connection resource and this PR using the below manifests:

apiVersion: glue.aws.upbound.io/v1beta1
kind: Connection
metadata:
  annotations:
    meta.upbound.io/example-id: glue/v1beta1/connection
  labels:
    testing.upbound.io/example-name: example
  name: example
spec:
  forProvider:
    catalogId: "123456789012"
    connectionPropertiesSecretRef:
      name: example-secret
      namespace: upbound-system
    region: us-west-1
---
apiVersion: v1
kind: Secret
metadata:
  name: example-secret
  namespace: upbound-system
type: Opaque
stringData:
  JDBC_CONNECTION_URL: "jdbc:mysql://my-db/exampledatabase"
  PASSWORD: "examplepassword"
  USERNAME: "exampleusername"

@turkenh turkenh requested a review from muvaf November 11, 2022 21:02
@turkenh turkenh closed this Nov 12, 2022
@turkenh turkenh reopened this Nov 12, 2022
@stevendborrelli stevendborrelli mentioned this pull request Nov 14, 2022
Closed
muvaf
muvaf approved these changes Nov 14, 2022
View reviewed changes
Copy link
Member

@muvaf muvaf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Could you also drop a comment in regards to how many CRDs are affected by this change in the official providers and which ones would be breaking changes?

@turkenh
Copy link
Member Author

turkenh commented Nov 15, 2022

LGTM! Could you also drop a comment in regards to how many CRDs are affected by this change in the official providers and which ones would be breaking changes?

@muvaf no CRDs effected with this change since there were no configured resource with a sensitive input of type map since it was failing indeed. Double checked this by running make generate in all 3 providers consuming this change.

@turkenh turkenh merged commit 606a1db into crossplane:main Nov 15, 2022
@turkenh turkenh deleted the secretmap branch November 15, 2022 07:55
@turkenh turkenh mentioned this pull request Nov 15, 2022
Closed
@muvaf
Copy link
Member

muvaf commented Nov 15, 2022

Thanks @turkenh !

@turkenh turkenh mentioned this pull request Dec 8, 2022
Closed
3 tasks
@eljohnson92
Copy link

@turkenh @muvaf would you expect this PR would also handle secrets that are arrays? we have a use case where we have an array we would like to mark the contents of as secrets

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@muvaf muvaf muvaf approved these changes

@stevendborrelli stevendborrelli Awaiting requested review from stevendborrelli

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Sensitive maps should not have struct as value type
3 participants
@turkenh @muvaf @eljohnson92