Extend ack-generate to generate slice with elements of type Kubernetes Secret

Kumar Gaurav Sharma · Kumar Gaurav Sharma · commit ad7a8d29ded7 · 2021-06-09T23:40:18.000-07:00
Related issue: aws-controllers-k8s/community#828 With this code change, when a field of type slice is configured as secret type inside Generator config, then the generated CRD yaml allows specifying multiple k8s secret values for that field in input yaml and generated sdk code supplies these values to the resource API input field as slice type.
diff --git a/pkg/generate/code/set_sdk.go b/pkg/generate/code/set_sdk.go
@@ -236,7 +236,13 @@ func SetSDK(
 		sourceAdaptedVarName += "." + f.Names.Camel
 		sourceFieldPath := f.Names.Camel
 
-		if r.IsSecretField(memberName) {
+		memberShapeRef, _ := inputShape.MemberRefs[memberName]
+		memberShape := memberShapeRef.Shape
+
+		if r.IsSecretField(memberName) &&
+			memberShape.Type != "list" &&
+			memberShape.Type != "structure" &&
+			memberShape.Type != "map" {
 			out += setSDKForSecret(
 				cfg, r,
 				memberName,
@@ -247,9 +253,6 @@ func SetSDK(
 			continue
 		}
 
-		memberShapeRef, _ := inputShape.MemberRefs[memberName]
-		memberShape := memberShapeRef.Shape
-
 		// we construct variables containing temporary storage for sub-elements
 		// and sub-fields that are structs. Names of fields are "f" appended by
 		// the 0-based index of the field within the set of the target struct's
@@ -770,6 +773,16 @@ func setSDKForContainer(
 			indentLevel,
 		)
 	default:
+		if r.IsSecretField(sourceFieldPath) {
+			return setSDKForSecret(
+				cfg, r,
+				"",
+				targetVarName,
+				sourceVarName,
+				indentLevel,
+			)
+		}
+
 		return setSDKForScalar(
 			cfg, r,
 			targetFieldName,
@@ -833,10 +846,17 @@ func setSDKForSecret(
 	//         res.SetMasterUserPassword(tmpSecret)
 	//     }
 	out += fmt.Sprintf("%s\tif tmpSecret != \"\" {\n", indent)
-	out += fmt.Sprintf(
-		"%s\t\t%s.Set%s(%s)\n",
-		indent, targetVarName, targetFieldName, secVar,
-	)
+	if targetFieldName == "" {
+		out += fmt.Sprintf(
+			"%s\t\t%s = %s\n",
+			indent, targetVarName, secVar,
+		)
+	} else {
+		out += fmt.Sprintf(
+			"%s\t\t%s.Set%s(%s)\n",
+			indent, targetVarName, targetFieldName, secVar,
+		)
+	}
 	out += fmt.Sprintf("%s\t}\n", indent)
 	// }
 	out += fmt.Sprintf("%s}\n", indent)
@@ -974,14 +994,16 @@ func setSDKForSlice(
 	//
 	//  f0elem.SetMyField(*f0iter)
 	containerFieldName := ""
+	sourceAttributePath := sourceFieldPath
 	if targetShape.MemberRef.Shape.Type == "structure" {
 		containerFieldName = targetFieldName
+		sourceAttributePath = sourceFieldPath+"."
 	}
 	out += setSDKForContainer(
 		cfg, r,
 		containerFieldName,
 		elemVarName,
-		sourceFieldPath+".",
+		sourceAttributePath,
 		iterVarName,
 		&targetShape.MemberRef,
 		indentLevel+1,
diff --git a/pkg/generate/code/set_sdk_test.go b/pkg/generate/code/set_sdk_test.go
@@ -1109,6 +1109,49 @@ func TestSetSDK_Elasticache_ReplicationGroup_Update_Override_Values(t *testing.T
 	)
 }
 
+func TestSetSDK_Elasticache_User_Create_Override_Values(t *testing.T) {
+	assert := assert.New(t)
+	require := require.New(t)
+
+	g := testutil.NewGeneratorForService(t, "elasticache")
+
+	crd := testutil.GetCRDByName(t, g, "User")
+	require.NotNil(crd)
+
+	expected := `
+	if r.ko.Spec.AccessString != nil {
+		res.SetAccessString(*r.ko.Spec.AccessString)
+	}
+	if r.ko.Spec.NoPasswordRequired != nil {
+		res.SetNoPasswordRequired(*r.ko.Spec.NoPasswordRequired)
+	}
+	if r.ko.Spec.Passwords != nil {
+		f3 := []*string{}
+		for _, f3iter := range r.ko.Spec.Passwords {
+			var f3elem string
+			if f3iter != nil {
+				tmpSecret, err := rm.rr.SecretValueFromReference(ctx, f3iter)
+				if err != nil {
+					return nil, err
+				}
+				if tmpSecret != "" {
+					f3elem = tmpSecret
+				}
+			}
+			f3 = append(f3, &f3elem)
+		}
+		res.SetPasswords(f3)
+	}
+	if r.ko.Spec.UserID != nil {
+		res.SetUserId(*r.ko.Spec.UserID)
+	}
+`
+	assert.Equal(
+		expected,
+		code.SetSDK(crd.Config(), crd, model.OpTypeUpdate, "r.ko", "res", 1),
+	)
+}
+
 func TestSetSDK_RDS_DBInstance_Create(t *testing.T) {
 	assert := assert.New(t)
 	require := require.New(t)
diff --git a/pkg/generate/elasticache_test.go b/pkg/generate/elasticache_test.go
@@ -274,6 +274,13 @@ func TestElasticache_ValidateAuthTokenIsSecret(t *testing.T) {
 
 	assert := assert.New(t)
 	assert.Equal("*ackv1alpha1.SecretKeyReference", crd.SpecFields["AuthToken"].GoType)
-	assert.Equal("ackv1alpha1.SecretKeyReference", crd.SpecFields["AuthToken"].GoTypeElem)
+	assert.Equal("SecretKeyReference", crd.SpecFields["AuthToken"].GoTypeElem)
 	assert.Equal("*ackv1alpha1.SecretKeyReference", crd.SpecFields["AuthToken"].GoTypeWithPkgName)
+
+	crd = getCRDByName("User", crds)
+	require.NotNil(crd)
+
+	assert.Equal("[]*ackv1alpha1.SecretKeyReference", crd.SpecFields["Passwords"].GoType)
+	assert.Equal("SecretKeyReference", crd.SpecFields["Passwords"].GoTypeElem)
+	assert.Equal("[]*ackv1alpha1.SecretKeyReference", crd.SpecFields["Passwords"].GoTypeWithPkgName)
 }
diff --git a/pkg/generate/testdata/models/apis/elasticache/0000-00-00/generator.yaml b/pkg/generate/testdata/models/apis/elasticache/0000-00-00/generator.yaml
@@ -18,6 +18,10 @@ resources:
         from:
           operation: DescribeEvents
           path: Events
+  User:
+    fields:
+      Passwords:
+        is_secret: true
   ReplicationGroup:
     update_conditions_custom_method_name: CustomUpdateConditions
     exceptions:
@@ -126,7 +130,6 @@ ignore:
     - GlobalReplicationGroup
     - CacheCluster
     - CacheSecurityGroup
-    - User
     - UserGroup
   field_paths:
     - DescribeSnapshotsInput.CacheClusterId
diff --git a/pkg/model/field.go b/pkg/model/field.go
@@ -95,12 +95,8 @@ func NewField(
 		shape = shapeRef.Shape
 	}
 
-	if cfg != nil && cfg.IsSecret {
-		gt = "*ackv1alpha1.SecretKeyReference"
-		gte = "ackv1alpha1.SecretKeyReference"
-		gtwp = "*ackv1alpha1.SecretKeyReference"
-	} else if shape != nil {
-		gte, gt, gtwp = cleanGoType(crd.sdkAPI, crd.cfg, shape)
+	if shape != nil {
+		gte, gt, gtwp = cleanGoType(crd.sdkAPI, crd.cfg, shape, cfg)
 	} else {
 		gte = "string"
 		gt = "*string"
diff --git a/pkg/model/types.go b/pkg/model/types.go
@@ -29,6 +29,7 @@ func cleanGoType(
 	api *SDKAPI,
 	cfg *ackgenconfig.Config,
 	shape *awssdkmodel.Shape,
+	fieldCfg *ackgenconfig.FieldConfig,
 ) (string, string, string) {
 	// There are shapes that are called things like DBProxyStatus that are
 	// fields in a DBProxy CRD... we need to ensure the type names don't
@@ -48,20 +49,26 @@ func cleanGoType(
 	} else if shape.Type == "list" {
 		// If it's a list type, where the element is a structure, we need to
 		// set the GoType to the cleaned-up Camel-cased name
-		mgte, mgt, _ := cleanGoType(api, cfg, shape.MemberRef.Shape)
+		mgte, mgt, mgtwp := cleanGoType(api, cfg, shape.MemberRef.Shape, fieldCfg)
 		cleanNames := names.New(mgte)
 		gte = cleanNames.Camel
 		if api.HasConflictingTypeName(mgte, cfg) {
 			gte += "_SDK"
 		}
 
 		gt = "[]" + mgt
+		gtwp = "[]" + mgtwp
 	} else if shape.Type == "timestamp" {
 		// time.Time needs to be converted to apimachinery/metav1.Time
 		// otherwise there is no DeepCopy support
 		gtwp = "*metav1.Time"
 		gte = "metav1.Time"
 		gt = "*metav1.Time"
+	} else if fieldCfg != nil && fieldCfg.IsSecret {
+		gt = "*ackv1alpha1.SecretKeyReference"
+		gte = "SecretKeyReference"
+		gtwp = "*ackv1alpha1.SecretKeyReference"
+		return gte, gt, gtwp
 	}
 
 	// Replace the type part of the full type-with-package-name with the
