From d30e9daf70866676dfacc348bc90722f0a4c3619 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Natalie=20Klestrup=20R=C3=B6ijezon?=
Date: Thu, 22 Jun 2023 11:19:22 +0200
Subject: [PATCH 1/4] Allow users to request a secret format

The client side of https://github.com/stackabletech/secret-operator/pull/286

---
 src/builder/pod/volume.rs | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/src/builder/pod/volume.rs b/src/builder/pod/volume.rs
index e56c570a9..0ae47fe38 100644
--- a/src/builder/pod/volume.rs
+++ b/src/builder/pod/volume.rs
@@ -265,6 +265,7 @@ impl VolumeMountBuilder {
 pub struct SecretOperatorVolumeSourceBuilder {
 secret_class: String,
 scopes: Vec,
+ format: Option,
 kerberos_service_names: Vec,
 }
@@ -273,6 +274,7 @@ impl SecretOperatorVolumeSourceBuilder {
 Self {
 secret_class: secret_class.into(),
 scopes: Vec::new(),
+ format: None,
 kerberos_service_names: Vec::new(),
 }
 }
@@ -293,6 +295,11 @@ impl SecretOperatorVolumeSourceBuilder {
 self
 }
+ pub fn with_format(&mut self, format: SecretFormat) -> &mut Self {
+ self.format = Some(format);
+ self
+ }
+
 pub fn with_kerberos_service_name(&mut self, name: impl Into) -> &mut Self {
 self.kerberos_service_names.push(name.into());
 self
@@ -322,6 +329,13 @@ impl SecretOperatorVolumeSourceBuilder {
 attrs.insert("secrets.stackable.tech/scope".to_string(), scopes);
 }
+ if let Some(format) = &self.format {
+ attrs.insert(
+ "secrets.stackable.tech/format".to_string(),
+ format.as_str().to_string(),
+ );
+ }
+
 if !self.kerberos_service_names.is_empty() {
 attrs.insert(
 "secrets.stackable.tech/kerberos.service.names".to_string(),
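Review bot: `with_format` in the `@@ -293,6 +295,11 @@` hunk is a new public builder method without a doc comment, unlike the `SecretFormat` type it takes, which gets documented in a later patch of this series. I'd add `/// Request that secret-operator provision the secret in the given [`SecretFormat`].` followed by a line saying that the builder does not check the requested format against the secret class, so an incompatible choice is only rejected when the volume is provisioned. A later `with_format` call silently replaces an earlier one, which is worth a half sentence too. The enclosing `impl SecretOperatorVolumeSourceBuilder` block starts and ends outside the hunk.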
@@ -346,6 +360,23 @@ impl SecretOperatorVolumeSourceBuilder {
 }
 }
+#[derive(Clone)]
+pub enum SecretFormat {
+ Tls,
+ TlsPkcs12,
+ Kerberos,
+}
+
+impl SecretFormat {
+ fn as_str(&self) -> &'static str {
+ match self {
+ SecretFormat::Tls => "tls",
+ SecretFormat::TlsPkcs12 => "tls-pkcs12",
+ SecretFormat::Kerberos => "kerberos",
+ }
+ }
+}
+
 #[derive(Clone)]
 enum SecretOperatorVolumeScope {
 Node,
From 1eef86f2f47afdc8939f7228551b2813fd385f69 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Natalie=20Klestrup=20R=C3=B6ijezon?=
Date: Thu, 22 Jun 2023 11:33:42 +0200
Subject: [PATCH 2/4] Changelog

---
 CHANGELOG.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bbc859a2d..2138963d4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 ## [Unreleased]
+### Added
+
+- Secrets can now be requested in a custom format ([#610]).
+
+[#610]: https://github.com/stackabletech/operator-rs/pull/610
+
 ## [0.41.0] - 2023-04-20
 ### Changed
From 8bc700c44905ca79e3868d802edef70b63691f45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Natalie=20Klestrup=20R=C3=B6ijezon?=
Date: Thu, 22 Jun 2023 11:55:58 +0200
Subject: [PATCH 3/4] Document meanings of secret formats

---
 src/builder/pod/volume.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/builder/pod/volume.rs b/src/builder/pod/volume.rs
index 0ae47fe38..31272e8e8 100644
--- a/src/builder/pod/volume.rs
+++ b/src/builder/pod/volume.rs
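Review bot: `SecretFormat` is a new public enum that derives only `Clone`; as a public API type it should also derive `Debug` (and `PartialEq`, `Eq`) so callers can log and compare it, and since the set of formats is defined by secret-operator and is likely to grow, `#[non_exhaustive]` keeps a future variant from being a breaking change for downstream `match` expressions. I'd write `#[derive(Clone, Debug, PartialEq, Eq)]` and `#[non_exhaustive]` above `pub enum SecretFormat {`. The same applies to the replacement derive line in the final patch's `@@ -363,26 +363,17 @@` hunk, which adds `strum::AsRefStr` but still omits these.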
@@ -360,10 +360,16 @@ impl SecretOperatorVolumeSourceBuilder {
 }
 }
+/// A [secret format](https://docs.stackable.tech/home/stable/secret-operator/secretclass.html#format) known by secret-operator.
+///
+/// This must either match or be convertible from the corresponding secret class, or provisioning the volume will fail.
 #[derive(Clone)]
 pub enum SecretFormat {
+ /// A TLS certificate formatted as a PEM triple (`ca.crt`, `tls.crt`, `tls.key`) according to Kubernetes conventions.
 Tls,
+ /// A TLS certificate formatted as a PKCS#12 store.
 TlsPkcs12,
+ /// A Kerberos keytab.
 Kerberos,
 }
From ad36ab087cc66133942f61a4cdb88246dba3374d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Natalie=20Klestrup=20R=C3=B6ijezon?=
Date: Tue, 27 Jun 2023 08:56:36 +0200
Subject: [PATCH 4/4] Rename SecretFormat::Tls to TlsPem

---
 src/builder/pod/volume.rs | 17 ++++------------
 1 file changed, 4 insertions(+), 13 deletions(-)

diff --git a/src/builder/pod/volume.rs b/src/builder/pod/volume.rs
index 31272e8e8..d565ddc33 100644
--- a/src/builder/pod/volume.rs
+++ b/src/builder/pod/volume.rs
@@ -332,7 +332,7 @@ impl SecretOperatorVolumeSourceBuilder {
 if let Some(format) = &self.format {
 attrs.insert(
 "secrets.stackable.tech/format".to_string(),
- format.as_str().to_string(),
+ format.as_ref().to_string(),
 );
 }
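Review bot: In the `@@ -332,7 +332,7 @@` hunk, `format.as_ref().to_string()` only type-checks because `SecretFormat` currently has exactly one `AsRef` impl, the strum-derived `AsRef<str>`; if a second `AsRef<T>` impl is ever added, `as_ref()` becomes ambiguous and this call breaks far from the change that caused it. Naming the target type keeps the call robust, e.g. `AsRef::<str>::as_ref(format).to_string(),`. The enclosing method starts and ends outside the hunk.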
@@ -363,26 +363,17 @@ impl SecretOperatorVolumeSourceBuilder {
 /// A [secret format](https://docs.stackable.tech/home/stable/secret-operator/secretclass.html#format) known by secret-operator.
 ///
 /// This must either match or be convertible from the corresponding secret class, or provisioning the volume will fail.
-#[derive(Clone)]
+#[derive(Clone, strum::AsRefStr)]
+#[strum(serialize_all = "kebab-case")]
 pub enum SecretFormat {
 /// A TLS certificate formatted as a PEM triple (`ca.crt`, `tls.crt`, `tls.key`) according to Kubernetes conventions.
- Tls,
+ TlsPem,
 /// A TLS certificate formatted as a PKCS#12 store.
 TlsPkcs12,
 /// A Kerberos keytab.
 Kerberos,
 }
-impl SecretFormat {
- fn as_str(&self) -> &'static str {
- match self {
- SecretFormat::Tls => "tls",
- SecretFormat::TlsPkcs12 => "tls-pkcs12",
- SecretFormat::Kerberos => "kerberos",
- }
- }
-}
-
 #[derive(Clone)]
 enum SecretOperatorVolumeScope {
 Node,
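Review bot: Removing the hand-written `as_str` means the strings written into the `secrets.stackable.tech/format` attribute are now produced implicitly by strum's `serialize_all = "kebab-case"`, and nothing in the crate pins them; a change in strum's casing rules or a careless variant rename would silently alter the value sent to secret-operator and only fail at volume provisioning time. The rename itself also changes the wire value from `tls` (the old `Tls` arm) to `tls-pem`, which presumably matches the server side in the linked secret-operator PR but deserves a mention in the changelog entry since it is not backward-compatible with older secret-operator releases. I'd add a unit test that pins each variant's serialized string as a contract.
```rust
#[cfg(test)]
mod secret_format_tests {
    #[test]
    fn wire_values_are_stable() {
        // These strings are the contract with secret-operator's
        // `secrets.stackable.tech/format` attribute; change them deliberately.
        assert_eq!(super::SecretFormat::TlsPem.as_ref(), "tls-pem");
        assert_eq!(super::SecretFormat::TlsPkcs12.as_ref(), "tls-pkcs12");
        assert_eq!(super::SecretFormat::Kerberos.as_ref(), "kerberos");
    }
}
```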