allow Gardener cloud provider secret names alternatively

```improvement operator
allow Gardener cloud provider secret names alternatively
```

examples/secret_alicloud_credentials.yaml

@@ -8,3 +8,6 @@ data:
   # Replace '...' with values encoded as base64.
   ACCESS_KEY_ID: ...
   SECRET_ACCESS_KEY: ...
+  # Alternatively use Gardener cloud provider credentials convention
+  #accessKeyID: ...
+  #secretAccessKey: ...

examples/secret_aws_credentials.yaml

@@ -9,3 +9,6 @@ data:
   # see https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html
   AWS_ACCESS_KEY_ID: ...
   AWS_SECRET_ACCESS_KEY: ...
+  # Alternatively use Gardener cloud provider credentials convention
+  #accessKeyID: ...
+  #secretAccessKey: ...

examples/secret_azure_credentials.yaml

@@ -11,3 +11,8 @@ data:
   AZURE_TENANT_ID: ...
   AZURE_CLIENT_ID: ...
   AZURE_CLIENT_SECRET: ...
+  # Alternatively use Gardener cloud provider credentials convention
+  #tenantID: ...
+  #subscriptionID: ...
+  #clientID: ...
+  #clientSecret: ...

examples/secret_openstack_credentials.yaml

@@ -9,8 +9,15 @@ data:
   # For details about key name 
   # see https://docs.openstack.org/python-openstackclient/pike/cli/man/openstack.html#environment-variables
   OS_AUTH_URL: ...
-  OS_REGION_NAME: ...
-  OS_USERNAME: ...
-  OS_PASSWORD: ...
+  OS_REGION_NAME: ... (optional)
   OS_DOMAIN_NAME: ...
   OS_PROJECT_NAME: ...
+  OS_USERNAME: ...
+  OS_PASSWORD: ...
+  # Alternatively use Gardener cloud provider credentials convention
+  #OS_AUTH_URL: ... (always needed)
+  #OS_REGION_NAME: ... (optional)
+  #domainName: ...
+  #tenantName: ...
+  #username: ...
+  #password: ...

pkg/controller/provider/alicloud/handler.go

@@ -39,16 +39,22 @@ func NewHandler(logger logger.LogContext, config *provider.DNSHandlerConfig, met
 		config: *config,
 	}
 
-	accessKeyId := this.config.Properties["ACCESS_KEY_ID"]
-	if accessKeyId == "" {
-		return nil, fmt.Errorf("'ACCESS_KEY_ID' required in secret")
+	accessKeyID := this.config.Properties["ACCESS_KEY_ID"]
+	if accessKeyID == "" {
+		accessKeyID = this.config.Properties["accessKeyID"]
+	}
+	if accessKeyID == "" {
+		return nil, fmt.Errorf("'ACCESS_KEY_ID' or 'accessKeyID' required in secret")
 	}
 	accessKeySecret := this.config.Properties["ACCESS_KEY_SECRET"]
 	if accessKeySecret == "" {
-		return nil, fmt.Errorf("'ACCESS_KEY_SECRET' required in secret")
+		accessKeySecret = this.config.Properties["accessKeySecret"]
+	}
+	if accessKeySecret == "" {
+		return nil, fmt.Errorf("'ACCESS_KEY_SECRET' or 'accessKeySecret' required in secret")
 	}
 
-	access, err := NewAccess(accessKeyId, accessKeySecret, metrics)
+	access, err := NewAccess(accessKeyID, accessKeySecret, metrics)
 	if err != nil {
 		return nil, err
 	}

pkg/controller/provider/aws/handler.go

@@ -58,18 +58,24 @@ func NewHandler(logger logger.LogContext, config *provider.DNSHandlerConfig, met
 		awsConfig: awsConfig,
 		metrics:   metrics,
 	}
-	akid := this.config.Properties["AWS_ACCESS_KEY_ID"]
-	if akid == "" {
+	accessKeyID := this.config.Properties["AWS_ACCESS_KEY_ID"]
+	if accessKeyID == "" {
+		accessKeyID = this.config.Properties["accessKeyID"]
+	}
+	if accessKeyID == "" {
 		logger.Infof("creating aws-route53 handler failed because of missing access key id")
-		return nil, fmt.Errorf("'AWS_ACCESS_KEY_ID' required in secret")
+		return nil, fmt.Errorf("'AWS_ACCESS_KEY_ID' or 'accessKeyID' required in secret")
+	}
+	logger.Infof("creating aws-route53 handler for %s", accessKeyID)
+	secretAccessKey := this.config.Properties["AWS_SECRET_ACCESS_KEY"]
+	if secretAccessKey == "" {
+		secretAccessKey = this.config.Properties["secretAccessKey"]
 	}
-	logger.Infof("creating aws-route53 handler for %s", akid)
-	sak := this.config.Properties["AWS_SECRET_ACCESS_KEY"]
-	if sak == "" {
-		return nil, fmt.Errorf("'AWS_SECRET_ACCESS_KEY' required in secret")
+	if secretAccessKey == "" {
+		return nil, fmt.Errorf("'AWS_SECRET_ACCESS_KEY' or 'secretAccessKey' required in secret")
 	}
-	st := this.config.Properties["AWS_SESSION_TOKEN"]
-	creds := credentials.NewStaticCredentials(akid, sak, st)
+	token := this.config.Properties["AWS_SESSION_TOKEN"]
+	creds := credentials.NewStaticCredentials(accessKeyID, secretAccessKey, token)
 
 	sess, err := session.NewSession(&aws.Config{
 		Region:      aws.String("us-west-2"),

pkg/controller/provider/azure/handler.go

@@ -53,20 +53,32 @@ func NewHandler(logger logger.LogContext, config *provider.DNSHandlerConfig, met
 
 	subscriptionID := h.config.Properties["AZURE_SUBSCRIPTION_ID"]
 	if subscriptionID == "" {
-		return nil, fmt.Errorf("'AZURE_SUBSCRIPTION_ID' required in secret")
+		subscriptionID = h.config.Properties["subscriptionID"]
+	}
+	if subscriptionID == "" {
+		return nil, fmt.Errorf("'AZURE_SUBSCRIPTION_ID' or 'subscriptionID' required in secret")
 	}
 	// see https://docs.microsoft.com/en-us/go/azure/azure-sdk-go-authorization
 	clientID := h.config.Properties["AZURE_CLIENT_ID"]
 	if clientID == "" {
-		return nil, fmt.Errorf("'AZURE_CLIENT_ID' required in secret")
+		clientID = h.config.Properties["clientID"]
+	}
+	if clientID == "" {
+		return nil, fmt.Errorf("'AZURE_CLIENT_ID' or 'clientID' required in secret")
 	}
 	clientSecret := h.config.Properties["AZURE_CLIENT_SECRET"]
 	if clientSecret == "" {
-		return nil, fmt.Errorf("'AZURE_CLIENT_SECRET' required in secret")
+		clientSecret = h.config.Properties["clientSecret"]
+	}
+	if clientSecret == "" {
+		return nil, fmt.Errorf("'AZURE_CLIENT_SECRET' or 'clientSecret' required in secret")
 	}
 	tenantID := h.config.Properties["AZURE_TENANT_ID"]
 	if tenantID == "" {
-		return nil, fmt.Errorf("'AZURE_TENANT_ID' required in secret")
+		tenantID = h.config.Properties["tenantID"]
+	}
+	if tenantID == "" {
+		return nil, fmt.Errorf("'AZURE_TENANT_ID' or 'tenantID' required in secret")
 	}
 
 	authorizer, err := auth.NewClientCredentialsConfig(clientID, clientSecret, tenantID).Authorizer()

pkg/controller/provider/openstack/handler.go

@@ -62,32 +62,39 @@ func NewHandler(logger logger.LogContext, config *provider.DNSHandlerConfig, met
 	return &h, nil
 }
 
-func readConfigProperty(config *provider.DNSHandlerConfig, key string) (value string, err error) {
+func readConfigProperty(config *provider.DNSHandlerConfig, key string, altKey string) (value string, err error) {
 	value = config.Properties[key]
+	if value == "" && altKey != "" {
+		value = config.Properties[altKey]
+	}
 	if value == "" {
-		err = fmt.Errorf("'%s' required in secret", key)
+		alt := ""
+		if altKey != "" {
+			alt = fmt.Sprintf(" or '%s'", altKey)
+		}
+		err = fmt.Errorf("'%s'%s required in secret", key, alt)
 	}
 	return
 }
 
 func readAuthConfig(config *provider.DNSHandlerConfig) (*authConfig, error) {
-	authURL, err := readConfigProperty(config, "OS_AUTH_URL")
+	authURL, err := readConfigProperty(config, "OS_AUTH_URL", "")
 	if err != nil {
 		return nil, err
 	}
-	username, err := readConfigProperty(config, "OS_USERNAME")
+	username, err := readConfigProperty(config, "OS_USERNAME", "username")
 	if err != nil {
 		return nil, err
 	}
-	domainName, err := readConfigProperty(config, "OS_DOMAIN_NAME")
+	domainName, err := readConfigProperty(config, "OS_DOMAIN_NAME", "domainName")
 	if err != nil {
 		return nil, err
 	}
-	password, err := readConfigProperty(config, "OS_PASSWORD")
+	password, err := readConfigProperty(config, "OS_PASSWORD", "password")
 	if err != nil {
 		return nil, err
 	}
-	projectName, err := readConfigProperty(config, "OS_PROJECT_NAME")
+	projectName, err := readConfigProperty(config, "OS_PROJECT_NAME", "tenantName")
 	if err != nil {
 		return nil, err
 	}