[Merged by Bors] - Allow users to request a secret format #610

6 changes: 6 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.

## [Unreleased]

### Added

- Secrets can now be requested in a custom format ([#610]).

[#610]: https://github.com/stackabletech/operator-rs/pull/610

## [0.42.2] - 2023-06-27

### Fixed
28 changes: 28 additions & 0 deletions src/builder/pod/volume.rs
Expand Up @@ -265,6 +265,7 @@ impl VolumeMountBuilder {
pub struct SecretOperatorVolumeSourceBuilder {
secret_class: String,
scopes: Vec<SecretOperatorVolumeScope>,
format: Option<SecretFormat>,
kerberos_service_names: Vec<String>,
}

Expand All @@ -273,6 +274,7 @@ impl SecretOperatorVolumeSourceBuilder {
Self {
secret_class: secret_class.into(),
scopes: Vec::new(),
format: None,
kerberos_service_names: Vec::new(),
}
}
Expand All @@ -293,6 +295,11 @@ impl SecretOperatorVolumeSourceBuilder {
self
}

pub fn with_format(&mut self, format: SecretFormat) -> &mut Self {
self.format = Some(format);
self
}

pub fn with_kerberos_service_name(&mut self, name: impl Into<String>) -> &mut Self {
self.kerberos_service_names.push(name.into());
self
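Review bot: `with_format` is a new public method with no doc comment. Add a `///` line saying that it sets the `secrets.stackable.tech/format` attribute on the volume, and that a second call replaces the earlier value, since the field is an `Option` while `with_kerberos_service_name` right below accumulates with `push`. A link to the `SecretFormat` docs from here would save callers a lookup.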
Expand Down Expand Up @@ -322,6 +329,13 @@ impl SecretOperatorVolumeSourceBuilder {
attrs.insert("secrets.stackable.tech/scope".to_string(), scopes);
}

if let Some(format) = &self.format {
attrs.insert(
"secrets.stackable.tech/format".to_string(),
format.as_ref().to_string(),
);
}

if !self.kerberos_service_names.is_empty() {
attrs.insert(
"secrets.stackable.tech/kerberos.service.names".to_string(),
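Review bot: the value written under `secrets.stackable.tech/format` is whatever `format.as_ref()` returns, so the string secret-operator receives is decided entirely by the strum derive on `SecretFormat`, and nothing in the visible diff pins it. Add a unit test on the builder's output that asserts the attribute value for each variant and that the key is absent when `format` is `None`; that would also catch a later variant rename silently changing the wire value.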
Expand All @@ -346,6 +360,20 @@ impl SecretOperatorVolumeSourceBuilder {
}
}

/// A [secret format](https://docs.stackable.tech/home/stable/secret-operator/secretclass.html#format) known by secret-operator.
///
/// This must either match or be convertible from the corresponding secret class, or provisioning the volume will fail.
#[derive(Clone, strum::AsRefStr)]
#[strum(serialize_all = "kebab-case")]
pub enum SecretFormat {
/// A TLS certificate formatted as a PEM triple (`ca.crt`, `tls.crt`, `tls.key`) according to Kubernetes conventions.
TlsPem,
/// A TLS certificate formatted as a PKCS#12 store.
TlsPkcs12,
/// A Kerberos keytab.
Kerberos,
}

#[derive(Clone)]
enum SecretOperatorVolumeScope {
Node,
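Review bot: `SecretFormat` derives only `Clone` and `strum::AsRefStr`. For a public fieldless enum, consider also deriving `Debug`, `Copy`, `PartialEq` and `Eq`, so callers can log it, compare it in tests and pass it by value. It is also not obvious from reading the source how `serialize_all = "kebab-case"` splits `TlsPkcs12` around the digits; an explicit `#[strum(serialize = "...")]` on that variant would make the intended string visible in review.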