diff --git a/examples/secret_alicloud_credentials.yaml b/examples/secret_alicloud_credentials.yaml
index addffa763..c1ee12f85 100644
--- a/examples/secret_alicloud_credentials.yaml
+++ b/examples/secret_alicloud_credentials.yaml
@@ -8,3 +8,6 @@ data:
 # Replace '...' with values encoded as base64.
 ACCESS_KEY_ID: ...
 SECRET_ACCESS_KEY: ...
+ # Alternatively use Gardener cloud provider credentials convention
+ #accessKeyID: ...
+ #secretAccessKey: ...
diff --git a/examples/secret_aws_credentials.yaml b/examples/secret_aws_credentials.yaml
index 7146f4591..0ba8f2508 100644
--- a/examples/secret_aws_credentials.yaml
+++ b/examples/secret_aws_credentials.yaml
@@ -9,3 +9,6 @@ data:
 # see https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html
 AWS_ACCESS_KEY_ID: ...
 AWS_SECRET_ACCESS_KEY: ...
+ # Alternatively use Gardener cloud provider credentials convention
+ #accessKeyID: ...
+ #secretAccessKey: ...
diff --git a/examples/secret_azure_credentials.yaml b/examples/secret_azure_credentials.yaml
index 34141c26c..7bd73b9f7 100644
--- a/examples/secret_azure_credentials.yaml
+++ b/examples/secret_azure_credentials.yaml
@@ -11,3 +11,8 @@ data:
 AZURE_TENANT_ID: ...
 AZURE_CLIENT_ID: ...
 AZURE_CLIENT_SECRET: ...
+ # Alternatively use Gardener cloud provider credentials convention
+ #tenantID: ...
+ #subscriptionID: ...
+ #clientID: ...
+ #clientSecret: ...
\ No newline at end of file
diff --git a/examples/secret_openstack_credentials.yaml b/examples/secret_openstack_credentials.yaml
index 61eac73c5..d31785670 100644
--- a/examples/secret_openstack_credentials.yaml
+++ b/examples/secret_openstack_credentials.yaml
@@ -9,8 +9,15 @@ data:
 # For details about key name
 # see https://docs.openstack.org/python-openstackclient/pike/cli/man/openstack.html#environment-variables
 OS_AUTH_URL: ...
- OS_REGION_NAME: ...
- OS_USERNAME: ...
- OS_PASSWORD: ...
+ OS_REGION_NAME: ... (optional)
 OS_DOMAIN_NAME: ...
 OS_PROJECT_NAME: ...
+ OS_USERNAME: ...
+ OS_PASSWORD: ...
+ # Alternatively use Gardener cloud provider credentials convention
+ #OS_AUTH_URL: ... (always needed)
+ #OS_REGION_NAME: ... (optional)
+ #domainName: ...
+ #tenantName: ...
+ #username: ...
+ #password: ...
\ No newline at end of file
diff --git a/pkg/controller/provider/alicloud/handler.go b/pkg/controller/provider/alicloud/handler.go
index f25a7bcce..573129d11 100644
--- a/pkg/controller/provider/alicloud/handler.go
+++ b/pkg/controller/provider/alicloud/handler.go
@@ -39,16 +39,22 @@ func NewHandler(logger logger.LogContext, config *provider.DNSHandlerConfig, met
 config: *config,
 }
- accessKeyId := this.config.Properties["ACCESS_KEY_ID"]
- if accessKeyId == "" {
- return nil, fmt.Errorf("'ACCESS_KEY_ID' required in secret")
+ accessKeyID := this.config.Properties["ACCESS_KEY_ID"]
+ if accessKeyID == "" {
+ accessKeyID = this.config.Properties["accessKeyID"]
+ }
+ if accessKeyID == "" {
+ return nil, fmt.Errorf("'ACCESS_KEY_ID' or 'accessKeyID' required in secret")
 }
 accessKeySecret := this.config.Properties["ACCESS_KEY_SECRET"]
 if accessKeySecret == "" {
- return nil, fmt.Errorf("'ACCESS_KEY_SECRET' required in secret")
+ accessKeySecret = this.config.Properties["accessKeySecret"]
+ }
+ if accessKeySecret == "" {
+ return nil, fmt.Errorf("'ACCESS_KEY_SECRET' or 'accessKeySecret' required in secret")
 }
- access, err := NewAccess(accessKeyId, accessKeySecret, metrics)
+ access, err := NewAccess(accessKeyID, accessKeySecret, metrics)
 if err != nil {
 return nil, err
 }
diff --git a/pkg/controller/provider/aws/handler.go b/pkg/controller/provider/aws/handler.go
index 3c4733cdf..a202a9757 100644
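Review bot: The Gardener-convention fallback key added for the secret, `accessKeySecret`, does not match what the example file in this same diff advertises: `examples/secret_alicloud_credentials.yaml` gains `#secretAccessKey: ...` (and its pre-existing `SECRET_ACCESS_KEY` likewise does not match the `ACCESS_KEY_SECRET` read here). A user who follows the example will get `'ACCESS_KEY_SECRET' or 'accessKeySecret' required in secret` even though the secret is populated; this fails closed, but it is a confusing dead end. Either fix the example to `#accessKeySecret: ...` or, if both spellings are meant to be accepted, add a third lookup and name it in the error. Separately, the two halves of the credential are resolved independently, so a secret carrying `ACCESS_KEY_ID` from one convention and `accessKeySecret` from the other is silently combined into one credential; reading the Gardener pair only when neither env-style key is set would avoid that. NewHandler continues outside the hunk.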
--- a/pkg/controller/provider/aws/handler.go
+++ b/pkg/controller/provider/aws/handler.go
@@ -58,18 +58,24 @@ func NewHandler(logger logger.LogContext, config *provider.DNSHandlerConfig, met
 awsConfig: awsConfig,
 metrics: metrics,
 }
- akid := this.config.Properties["AWS_ACCESS_KEY_ID"]
- if akid == "" {
+ accessKeyID := this.config.Properties["AWS_ACCESS_KEY_ID"]
+ if accessKeyID == "" {
+ accessKeyID = this.config.Properties["accessKeyID"]
+ }
+ if accessKeyID == "" {
 logger.Infof("creating aws-route53 handler failed because of missing access key id")
- return nil, fmt.Errorf("'AWS_ACCESS_KEY_ID' required in secret")
+ return nil, fmt.Errorf("'AWS_ACCESS_KEY_ID' or 'accessKeyID' required in secret")
+ }
+ logger.Infof("creating aws-route53 handler for %s", accessKeyID)
+ secretAccessKey := this.config.Properties["AWS_SECRET_ACCESS_KEY"]
+ if secretAccessKey == "" {
+ secretAccessKey = this.config.Properties["secretAccessKey"]
 }
- logger.Infof("creating aws-route53 handler for %s", akid)
- sak := this.config.Properties["AWS_SECRET_ACCESS_KEY"]
- if sak == "" {
- return nil, fmt.Errorf("'AWS_SECRET_ACCESS_KEY' required in secret")
+ if secretAccessKey == "" {
+ return nil, fmt.Errorf("'AWS_SECRET_ACCESS_KEY' or 'secretAccessKey' required in secret")
 }
- st := this.config.Properties["AWS_SESSION_TOKEN"]
- creds := credentials.NewStaticCredentials(akid, sak, st)
+ token := this.config.Properties["AWS_SESSION_TOKEN"]
+ creds := credentials.NewStaticCredentials(accessKeyID, secretAccessKey, token)
 sess, err := session.NewSession(&aws.Config{
 Region: aws.String("us-west-2"),
diff --git a/pkg/controller/provider/azure/handler.go b/pkg/controller/provider/azure/handler.go
index 8a63f917e..5cf6f5ee6 100644
--- a/pkg/controller/provider/azure/handler.go
+++ b/pkg/controller/provider/azure/handler.go
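Review bot: The fallback resolves each half of the credential on its own, so a secret that carries `AWS_ACCESS_KEY_ID` from one convention and `secretAccessKey` from the other is stitched into a single static credential that can never authenticate, and a secret that carries both conventions with different values silently uses the upper-case pair without any hint in the logs. Read the Gardener keys as a pair, and only when neither env-style key is present, so that a mixed secret is reported rather than guessed at. The hunk also keeps `logger.Infof("creating aws-route53 handler for %s", accessKeyID)` at Info level; the key ID is not the secret, but it is a credential identifier and is better truncated or left out of routine logs. NewHandler continues outside the hunk.
```go
	accessKeyID := this.config.Properties["AWS_ACCESS_KEY_ID"]
	secretAccessKey := this.config.Properties["AWS_SECRET_ACCESS_KEY"]
	if accessKeyID == "" && secretAccessKey == "" {
		// Gardener cloud provider credentials convention, taken as a pair so
		// that the two conventions are never mixed into one credential.
		accessKeyID = this.config.Properties["accessKeyID"]
		secretAccessKey = this.config.Properties["secretAccessKey"]
	}
	if accessKeyID == "" {
		// … unchanged: failure log and 'AWS_ACCESS_KEY_ID' or 'accessKeyID' error …
	}
	if secretAccessKey == "" {
		// … unchanged: 'AWS_SECRET_ACCESS_KEY' or 'secretAccessKey' error …
	}
	// … unchanged: session token, static credentials, session creation …
```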
@@ -53,20 +53,32 @@ func NewHandler(logger logger.LogContext, config *provider.DNSHandlerConfig, met
 subscriptionID := h.config.Properties["AZURE_SUBSCRIPTION_ID"]
 if subscriptionID == "" {
- return nil, fmt.Errorf("'AZURE_SUBSCRIPTION_ID' required in secret")
+ subscriptionID = h.config.Properties["subscriptionID"]
+ }
+ if subscriptionID == "" {
+ return nil, fmt.Errorf("'AZURE_SUBSCRIPTION_ID' or 'subscriptionID' required in secret")
 }
 // see https://docs.microsoft.com/en-us/go/azure/azure-sdk-go-authorization
 clientID := h.config.Properties["AZURE_CLIENT_ID"]
 if clientID == "" {
- return nil, fmt.Errorf("'AZURE_CLIENT_ID' required in secret")
+ clientID = h.config.Properties["clientID"]
+ }
+ if clientID == "" {
+ return nil, fmt.Errorf("'AZURE_CLIENT_ID' or 'clientID' required in secret")
 }
 clientSecret := h.config.Properties["AZURE_CLIENT_SECRET"]
 if clientSecret == "" {
- return nil, fmt.Errorf("'AZURE_CLIENT_SECRET' required in secret")
+ clientSecret = h.config.Properties["clientSecret"]
+ }
+ if clientSecret == "" {
+ return nil, fmt.Errorf("'AZURE_CLIENT_SECRET' or 'clientSecret' required in secret")
 }
 tenantID := h.config.Properties["AZURE_TENANT_ID"]
 if tenantID == "" {
- return nil, fmt.Errorf("'AZURE_TENANT_ID' required in secret")
+ tenantID = h.config.Properties["tenantID"]
+ }
+ if tenantID == "" {
+ return nil, fmt.Errorf("'AZURE_TENANT_ID' or 'tenantID' required in secret")
 }
 authorizer, err := auth.NewClientCredentialsConfig(clientID, clientSecret, tenantID).Authorizer()
diff --git a/pkg/controller/provider/openstack/handler.go b/pkg/controller/provider/openstack/handler.go
index 3620ec2f3..fc81d3982 100644
--- a/pkg/controller/provider/openstack/handler.go
+++ b/pkg/controller/provider/openstack/handler.go
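Review bot: The same six-line lookup-with-fallback is hand-expanded four times in this hunk, while the openstack handler in this same diff adds `readConfigProperty(config, key, altKey string)` for exactly this; hoisting that helper into the shared `provider` package (for example as a method on `DNSHandlerConfig`) would collapse each field to one line such as `clientSecret, err := h.config.requiredProperty("AZURE_CLIENT_SECRET", "clientSecret")` and keep the error wording identical across providers. As written, the four values are also resolved independently, so a secret that mixes conventions, say `AZURE_CLIENT_ID` with `clientSecret` and `tenantID`, is accepted silently and only fails later inside `Authorizer()` with an unhelpful auth error; reading all four keys from one convention at a time would surface the mismatch at construction. The four `fmt.Errorf` messages contain only key names and no secret values, which is right. NewHandler continues outside the hunk.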
@@ -62,32 +62,39 @@ func NewHandler(logger logger.LogContext, config *provider.DNSHandlerConfig, met
 return &h, nil
 }
-func readConfigProperty(config *provider.DNSHandlerConfig, key string) (value string, err error) {
+func readConfigProperty(config *provider.DNSHandlerConfig, key string, altKey string) (value string, err error) {
 value = config.Properties[key]
+ if value == "" && altKey != "" {
+ value = config.Properties[altKey]
+ }
 if value == "" {
- err = fmt.Errorf("'%s' required in secret", key)
+ alt := ""
+ if altKey != "" {
+ alt = fmt.Sprintf(" or '%s'", altKey)
+ }
+ err = fmt.Errorf("'%s'%s required in secret", key, alt)
 }
 return
 }
 func readAuthConfig(config *provider.DNSHandlerConfig) (*authConfig, error) {
- authURL, err := readConfigProperty(config, "OS_AUTH_URL")
+ authURL, err := readConfigProperty(config, "OS_AUTH_URL", "")
 if err != nil {
 return nil, err
 }
- username, err := readConfigProperty(config, "OS_USERNAME")
+ username, err := readConfigProperty(config, "OS_USERNAME", "username")
 if err != nil {
 return nil, err
 }
- domainName, err := readConfigProperty(config, "OS_DOMAIN_NAME")
+ domainName, err := readConfigProperty(config, "OS_DOMAIN_NAME", "domainName")
 if err != nil {
 return nil, err
 }
- password, err := readConfigProperty(config, "OS_PASSWORD")
+ password, err := readConfigProperty(config, "OS_PASSWORD", "password")
 if err != nil {
 return nil, err
 }
- projectName, err := readConfigProperty(config, "OS_PROJECT_NAME")
+ projectName, err := readConfigProperty(config, "OS_PROJECT_NAME", "tenantName")
 if err != nil {
 return nil, err
 }
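Review bot: `readConfigProperty` gains a second lookup key but still carries no doc comment, and the empty-string sentinel for "no alternative" is only discoverable from the `OS_AUTH_URL` call site; add `// readConfigProperty returns config.Properties[key], falling back to config.Properties[altKey] when key is unset and altKey is non-empty. A missing value yields an error that names the key(s) and never their values.` above the signature. The non-obvious mapping of `OS_PROJECT_NAME` to `tenantName` (rather than a project-named key) also deserves a one-line comment at that call, since the example file in this diff is the only other place that documents it. The `"OS_AUTH_URL", ""` call could equally use the signature's zero value with a named constant, e.g. `const noAltKey = ""`, to make the sentinel self-describing. readAuthConfig continues past the end of the hunk.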