diff --git a/addons/vault/aws/aws_secrets_manager.go b/addons/vault/aws/aws_secrets_manager.go index 6e57e4a8c4..af7a1709a3 100644 --- a/addons/vault/aws/aws_secrets_manager.go +++ b/addons/vault/aws/aws_secrets_manager.go @@ -18,7 +18,6 @@ limitations under the License. package aws import ( - "regexp" "strconv" "github.com/apache/camel-k/v2/pkg/util/kubernetes" @@ -105,7 +104,6 @@ func (t *awsSecretsManagerTrait) Configure(environment *trait.Environment) (bool } func (t *awsSecretsManagerTrait) Apply(environment *trait.Environment) error { - rex := regexp.MustCompile(`^(configmap|secret):([a-zA-Z0-9][a-zA-Z0-9-]*)(/([a-zA-Z0-9].*))?$`) if environment.IntegrationInPhase(v1.IntegrationPhaseInitialization) { util.StringSliceUniqueAdd(&environment.Integration.Status.Capabilities, v1.CapabilityAwsSecretsManager) } @@ -114,7 +112,7 @@ func (t *awsSecretsManagerTrait) Apply(environment *trait.Environment) error { return nil } - hits := rex.FindAllStringSubmatch(t.AccessKey, -1) + hits := v1.PlainConfigSecretRegexp.FindAllStringSubmatch(t.AccessKey, -1) if len(hits) >= 1 { var res, _ = v1.DecodeValueSource(t.AccessKey, "aws-access-key", "The access Key provided is not valid") if secretValue, err := kubernetes.ResolveValueSource(environment.Ctx, environment.Client, environment.Platform.Namespace, &res); err != nil { @@ -125,7 +123,7 @@ func (t *awsSecretsManagerTrait) Apply(environment *trait.Environment) error { } else { environment.ApplicationProperties["camel.vault.aws.accessKey"] = t.AccessKey } - hits = rex.FindAllStringSubmatch(t.SecretKey, -1) + hits = v1.PlainConfigSecretRegexp.FindAllStringSubmatch(t.SecretKey, -1) if len(hits) >= 1 { var res, _ = v1.DecodeValueSource(t.SecretKey, "aws-secret-key", "The secret Key provided is not valid") if secretValue, err := kubernetes.ResolveValueSource(environment.Ctx, environment.Client, environment.Platform.Namespace, &res); err != nil { diff --git a/addons/vault/azure/azure_key_vault.go b/addons/vault/azure/azure_key_vault.go index 0dcdfc5b8e..44b283f787 100644 --- a/addons/vault/azure/azure_key_vault.go +++ b/addons/vault/azure/azure_key_vault.go @@ -18,7 +18,6 @@ limitations under the License. package azure import ( - "regexp" "strconv" "github.com/apache/camel-k/v2/pkg/util/kubernetes" @@ -81,10 +80,6 @@ type Trait struct { BlobContainerName string `property:"blob-container-name" json:"blobContainerName,omitempty"` } -var ( - azureKeyValueRex = regexp.MustCompile(`^(configmap|secret):([a-zA-Z0-9][a-zA-Z0-9-]*)(/([a-zA-Z0-9].*))?$`) -) - type azureKeyVaultTrait struct { trait.BaseTrait Trait `property:",squash"` @@ -130,7 +125,7 @@ func (t *azureKeyVaultTrait) Apply(environment *trait.Environment) error { return nil } - hits := azureKeyValueRex.FindAllStringSubmatch(t.ClientSecret, -1) + hits := v1.PlainConfigSecretRegexp.FindAllStringSubmatch(t.ClientSecret, -1) if len(hits) >= 1 { var res, _ = v1.DecodeValueSource(t.ClientSecret, "azure-key-vault-client-secret", "The Azure Key Vault Client Secret provided is not valid") if secretValue, err := kubernetes.ResolveValueSource(environment.Ctx, environment.Client, environment.Platform.Namespace, &res); err != nil { @@ -141,7 +136,7 @@ func (t *azureKeyVaultTrait) Apply(environment *trait.Environment) error { } else { environment.ApplicationProperties["camel.vault.azure.clientSecret"] = t.ClientSecret } - hits = azureKeyValueRex.FindAllStringSubmatch(t.BlobAccessKey, -1) + hits = v1.PlainConfigSecretRegexp.FindAllStringSubmatch(t.BlobAccessKey, -1) if len(hits) >= 1 { var res, _ = v1.DecodeValueSource(t.BlobAccessKey, "azure-storage-blob-access-key", "The Azure Storage Blob Access Key provided is not valid") if secretValue, err := kubernetes.ResolveValueSource(environment.Ctx, environment.Client, environment.Platform.Namespace, &res); err != nil { diff --git a/addons/vault/hashicorp/hashicorp_vault.go b/addons/vault/hashicorp/hashicorp_vault.go index d8aeb00fdd..399d912f09 100644 --- a/addons/vault/hashicorp/hashicorp_vault.go +++ b/addons/vault/hashicorp/hashicorp_vault.go @@ -18,8 +18,6 @@ limitations under the License. package hashicorp import ( - "regexp" - v1 "github.com/apache/camel-k/v2/pkg/apis/camel/v1" traitv1 "github.com/apache/camel-k/v2/pkg/apis/camel/v1/trait" "github.com/apache/camel-k/v2/pkg/trait" @@ -81,7 +79,6 @@ func (t *hashicorpVaultTrait) Configure(environment *trait.Environment) (bool, * } func (t *hashicorpVaultTrait) Apply(environment *trait.Environment) error { - rex := regexp.MustCompile(`^(configmap|secret):([a-zA-Z0-9][a-zA-Z0-9-]*)(/([a-zA-Z0-9].*))?$`) if environment.IntegrationInPhase(v1.IntegrationPhaseInitialization) { util.StringSliceUniqueAdd(&environment.Integration.Status.Capabilities, v1.CapabilityHashicorpVault) } @@ -90,7 +87,7 @@ func (t *hashicorpVaultTrait) Apply(environment *trait.Environment) error { return nil } - hits := rex.FindAllStringSubmatch(t.Token, -1) + hits := v1.PlainConfigSecretRegexp.FindAllStringSubmatch(t.Token, -1) if len(hits) >= 1 { var res, _ = v1.DecodeValueSource(t.Token, "hashicorp-vault-token", "The Hashicorp Vault Token provided is not valid") diff --git a/docs/modules/ROOT/partials/apis/camel-k-crds.adoc b/docs/modules/ROOT/partials/apis/camel-k-crds.adoc index fd9da8052c..c827f5d9c3 100644 --- a/docs/modules/ROOT/partials/apis/camel-k-crds.adoc +++ b/docs/modules/ROOT/partials/apis/camel-k-crds.adoc @@ -6906,8 +6906,9 @@ Propagates the `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` environment variables A list of environment variables to be added to the integration container. -The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`. -These take precedence over the previously defined environment variables. +The syntax is either VAR=VALUE or VAR=[configmap{vbar}secret]:name/key, where name represents the resource name, +and key represents the resource key to be mapped as and environment variable. +These take precedence over any previously defined environment variables. |=== diff --git a/docs/modules/traits/pages/environment.adoc b/docs/modules/traits/pages/environment.adoc index d40ab6a5a6..e399da3523 100755 --- a/docs/modules/traits/pages/environment.adoc +++ b/docs/modules/traits/pages/environment.adoc @@ -41,8 +41,9 @@ The following configuration options are available: | environment.vars | []string | A list of environment variables to be added to the integration container. -The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`. -These take precedence over the previously defined environment variables. +The syntax is either VAR=VALUE or VAR=[configmap\|secret]:name/key, where name represents the resource name, +and key represents the resource key to be mapped as and environment variable. +These take precedence over any previously defined environment variables. |=== diff --git a/pkg/apis/camel/v1/common_types_support.go b/pkg/apis/camel/v1/common_types_support.go index b3b68ea45a..8f01f71f13 100644 --- a/pkg/apis/camel/v1/common_types_support.go +++ b/pkg/apis/camel/v1/common_types_support.go @@ -30,6 +30,8 @@ import ( "github.com/imdario/mergo" ) +var PlainConfigSecretRegexp = regexp.MustCompile(`^(configmap|secret):([a-zA-Z0-9][a-zA-Z0-9-]*)(/([a-zA-Z0-9].*))?$`) + func (in *Artifact) String() string { return in.ID } @@ -224,8 +226,7 @@ func (bc *BuildConfiguration) IsEmpty() bool { // DecodeValueSource returns a ValueSource object from an input that respects the format configmap|secret:resource-name[/path]. func DecodeValueSource(input string, defaultKey string, errorMessage string) (ValueSource, error) { sub := make([]string, 0) - rex := regexp.MustCompile(`^(configmap|secret):([a-zA-Z0-9][a-zA-Z0-9-]*)(/([a-zA-Z0-9].*))?$`) - hits := rex.FindAllStringSubmatch(input, -1) + hits := PlainConfigSecretRegexp.FindAllStringSubmatch(input, -1) for _, hit := range hits { if len(hit) > 1 { diff --git a/pkg/apis/camel/v1/trait/environment.go b/pkg/apis/camel/v1/trait/environment.go index da3c423e5e..70f3e8a43c 100644 --- a/pkg/apis/camel/v1/trait/environment.go +++ b/pkg/apis/camel/v1/trait/environment.go @@ -28,7 +28,8 @@ type EnvironmentTrait struct { // Propagates the `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` environment variables (default `true`) HTTPProxy *bool `property:"http-proxy" json:"httpProxy,omitempty"` // A list of environment variables to be added to the integration container. - // The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`. - // These take precedence over the previously defined environment variables. + // The syntax is either VAR=VALUE or VAR=[configmap|secret]:name/key, where name represents the resource name, + // and key represents the resource key to be mapped as and environment variable. + // These take precedence over any previously defined environment variables. Vars []string `property:"vars" json:"vars,omitempty"` } diff --git a/pkg/resources/config/crd/bases/camel.apache.org_integrationplatforms.yaml b/pkg/resources/config/crd/bases/camel.apache.org_integrationplatforms.yaml index c21fdca750..2eeba0a8c4 100644 --- a/pkg/resources/config/crd/bases/camel.apache.org_integrationplatforms.yaml +++ b/pkg/resources/config/crd/bases/camel.apache.org_integrationplatforms.yaml @@ -993,8 +993,9 @@ spec: vars: description: |- A list of environment variables to be added to the integration container. - The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`. - These take precedence over the previously defined environment variables. + The syntax is either VAR=VALUE or VAR=[configmap|secret]:name/key, where name represents the resource name, + and key represents the resource key to be mapped as and environment variable. + These take precedence over any previously defined environment variables. items: type: string type: array @@ -3091,8 +3092,9 @@ spec: vars: description: |- A list of environment variables to be added to the integration container. - The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`. - These take precedence over the previously defined environment variables. + The syntax is either VAR=VALUE or VAR=[configmap|secret]:name/key, where name represents the resource name, + and key represents the resource key to be mapped as and environment variable. + These take precedence over any previously defined environment variables. items: type: string type: array diff --git a/pkg/resources/config/crd/bases/camel.apache.org_integrationprofiles.yaml b/pkg/resources/config/crd/bases/camel.apache.org_integrationprofiles.yaml index d96df69f0e..6d80e77421 100644 --- a/pkg/resources/config/crd/bases/camel.apache.org_integrationprofiles.yaml +++ b/pkg/resources/config/crd/bases/camel.apache.org_integrationprofiles.yaml @@ -868,8 +868,9 @@ spec: vars: description: |- A list of environment variables to be added to the integration container. - The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`. - These take precedence over the previously defined environment variables. + The syntax is either VAR=VALUE or VAR=[configmap|secret]:name/key, where name represents the resource name, + and key represents the resource key to be mapped as and environment variable. + These take precedence over any previously defined environment variables. items: type: string type: array @@ -2848,8 +2849,9 @@ spec: vars: description: |- A list of environment variables to be added to the integration container. - The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`. - These take precedence over the previously defined environment variables. + The syntax is either VAR=VALUE or VAR=[configmap|secret]:name/key, where name represents the resource name, + and key represents the resource key to be mapped as and environment variable. + These take precedence over any previously defined environment variables. items: type: string type: array diff --git a/pkg/resources/config/crd/bases/camel.apache.org_integrations.yaml b/pkg/resources/config/crd/bases/camel.apache.org_integrations.yaml index 7f99d90d69..a8d5d3c21a 100644 --- a/pkg/resources/config/crd/bases/camel.apache.org_integrations.yaml +++ b/pkg/resources/config/crd/bases/camel.apache.org_integrations.yaml @@ -6884,8 +6884,9 @@ spec: vars: description: |- A list of environment variables to be added to the integration container. - The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`. - These take precedence over the previously defined environment variables. + The syntax is either VAR=VALUE or VAR=[configmap|secret]:name/key, where name represents the resource name, + and key represents the resource key to be mapped as and environment variable. + These take precedence over any previously defined environment variables. items: type: string type: array diff --git a/pkg/resources/config/crd/bases/camel.apache.org_kameletbindings.yaml b/pkg/resources/config/crd/bases/camel.apache.org_kameletbindings.yaml index 2805a4bc92..508d078180 100644 --- a/pkg/resources/config/crd/bases/camel.apache.org_kameletbindings.yaml +++ b/pkg/resources/config/crd/bases/camel.apache.org_kameletbindings.yaml @@ -6955,8 +6955,9 @@ spec: vars: description: |- A list of environment variables to be added to the integration container. - The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`. - These take precedence over the previously defined environment variables. + The syntax is either VAR=VALUE or VAR=[configmap|secret]:name/key, where name represents the resource name, + and key represents the resource key to be mapped as and environment variable. + These take precedence over any previously defined environment variables. items: type: string type: array diff --git a/pkg/resources/config/crd/bases/camel.apache.org_pipes.yaml b/pkg/resources/config/crd/bases/camel.apache.org_pipes.yaml index 77aa04e8e5..25008359fa 100644 --- a/pkg/resources/config/crd/bases/camel.apache.org_pipes.yaml +++ b/pkg/resources/config/crd/bases/camel.apache.org_pipes.yaml @@ -6953,8 +6953,9 @@ spec: vars: description: |- A list of environment variables to be added to the integration container. - The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`. - These take precedence over the previously defined environment variables. + The syntax is either VAR=VALUE or VAR=[configmap|secret]:name/key, where name represents the resource name, + and key represents the resource key to be mapped as and environment variable. + These take precedence over any previously defined environment variables. items: type: string type: array diff --git a/pkg/trait/environment.go b/pkg/trait/environment.go index 3609ff7b90..c1db2aec84 100644 --- a/pkg/trait/environment.go +++ b/pkg/trait/environment.go @@ -22,6 +22,7 @@ import ( "k8s.io/utils/ptr" + v1 "github.com/apache/camel-k/v2/pkg/apis/camel/v1" traitv1 "github.com/apache/camel-k/v2/pkg/apis/camel/v1/trait" "github.com/apache/camel-k/v2/pkg/util/camel" "github.com/apache/camel-k/v2/pkg/util/defaults" @@ -102,7 +103,16 @@ func (t *environmentTrait) Apply(e *Environment) error { if t.Vars != nil { for _, env := range t.Vars { k, v := property.SplitPropertyFileEntry(env) - envvar.SetVal(&e.EnvVars, k, v) + confs := v1.PlainConfigSecretRegexp.FindAllStringSubmatch(v, -1) + if len(confs) > 0 { + var res, err = v1.DecodeValueSource(v, "", "Invalid configuration "+v) + if err != nil { + return err + } + envvar.SetValFromValueSource(&e.EnvVars, k, res) + } else { + envvar.SetVal(&e.EnvVars, k, v) + } } } diff --git a/pkg/trait/environment_test.go b/pkg/trait/environment_test.go index fb19d54c63..05bf6cd8e6 100644 --- a/pkg/trait/environment_test.go +++ b/pkg/trait/environment_test.go @@ -18,6 +18,7 @@ limitations under the License. package trait import ( + "fmt" "testing" "github.com/stretchr/testify/assert" @@ -192,6 +193,45 @@ func TestCustomEnvVars(t *testing.T) { assert.True(t, userK2) } +func TestValueSourceEnvVars(t *testing.T) { + c, err := camel.DefaultCatalog() + require.NoError(t, err) + + env := mockEnvironment(c) + env.Integration.Spec.Traits = v1.Traits{ + Environment: &traitv1.EnvironmentTrait{ + Vars: []string{"MY_VAR_1=secret:my-sec/my-sec-value", "MY_VAR_2=configmap:my-cm/my-cm-value"}, + }, + } + env.Platform.ResyncStatusFullConfig() + + conditions, err := NewEnvironmentTestCatalog().apply(&env) + require.NoError(t, err) + assert.NotEmpty(t, conditions) + + userK1 := false + userK2 := false + + env.Resources.VisitDeployment(func(deployment *appsv1.Deployment) { + fmt.Println(deployment.Spec.Template.Spec.Containers[0].Env) + for _, e := range deployment.Spec.Template.Spec.Containers[0].Env { + if e.Name == "MY_VAR_1" { + userK1 = e.Value == "" && + e.ValueFrom.SecretKeyRef.Name == "my-sec" && + e.ValueFrom.SecretKeyRef.Key == "my-sec-value" + } + if e.Name == "MY_VAR_2" { + userK2 = e.Value == "" && + e.ValueFrom.ConfigMapKeyRef.Name == "my-cm" && + e.ValueFrom.ConfigMapKeyRef.Key == "my-cm-value" + } + } + }) + + assert.True(t, userK1) + assert.True(t, userK2) +} + func NewEnvironmentTestCatalog() *Catalog { return NewCatalog(nil) } diff --git a/pkg/util/envvar/envvar.go b/pkg/util/envvar/envvar.go index 0d017d391a..f6b668e851 100644 --- a/pkg/util/envvar/envvar.go +++ b/pkg/util/envvar/envvar.go @@ -17,7 +17,10 @@ limitations under the License. package envvar -import corev1 "k8s.io/api/core/v1" +import ( + v1 "github.com/apache/camel-k/v2/pkg/apis/camel/v1" + corev1 "k8s.io/api/core/v1" +) // Get --. func Get(vars []corev1.EnvVar, name string) *corev1.EnvVar { @@ -92,3 +95,27 @@ func SetValFrom(vars *[]corev1.EnvVar, name string, path string) { }) } } + +// SetValFromValueSource --. +func SetValFromValueSource(vars *[]corev1.EnvVar, name string, vs v1.ValueSource) { + var envVarSource *corev1.EnvVarSource + if vs.SecretKeyRef != nil { + envVarSource = &corev1.EnvVarSource{ + SecretKeyRef: vs.SecretKeyRef, + } + } else if vs.ConfigMapKeyRef != nil { + envVarSource = &corev1.EnvVarSource{ + ConfigMapKeyRef: vs.ConfigMapKeyRef, + } + } + + if envVar := Get(*vars, name); envVar != nil { + envVar.Value = "" + envVar.ValueFrom = envVarSource + } else { + *vars = append(*vars, corev1.EnvVar{ + Name: name, + ValueFrom: envVarSource, + }) + } +}