Support generating cert based TLS type secret

Azure · Jan 30, 2024 · f9f7474 · f9f7474
1 parent 237d661
commit f9f7474
Show file tree

Hide file tree

Showing 12 changed files with 528 additions and 230 deletions.
diff --git a/api/v1/azureappconfigurationprovider_types.go b/api/v1/azureappconfigurationprovider_types.go
@@ -35,7 +35,7 @@ type AzureAppConfigurationProviderSpec struct {
 	Target                    ConfigurationGenerationParameters        `json:"target"`
 	Auth                      *AzureAppConfigurationProviderAuth       `json:"auth,omitempty"`
 	Configuration             AzureAppConfigurationKeyValueOptions     `json:"configuration,omitempty"`
-	Secret                    *AzureKeyVaultReference                  `json:"secret,omitempty"`
+	Secret                    *AzureSecretReference                    `json:"secret,omitempty"`
 	FeatureFlag               *AzureAppConfigurationFeatureFlagOptions `json:"featureFlag,omitempty"`
 }
 
@@ -141,8 +141,8 @@ type ManagedIdentityReferenceParameters struct {
 	Key string `json:"key"`
 }
 
-// AzureKeyVaultReference defines the authentication type used to Azure KeyVault resolve KeyVaultReference
-type AzureKeyVaultReference struct {
+// AzureSecretReference defines the authentication type used to Azure KeyVault resolve KeyVaultReference
+type AzureSecretReference struct {
 	Target  SecretGenerationParameters `json:"target"`
 	Auth    *AzureKeyVaultAuth         `json:"auth,omitempty"`
 	Refresh *RefreshSettings           `json:"refresh,omitempty"`

diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/azconfig.io_azureappconfigurationproviders.yaml b/config/crd/bases/azconfig.io_azureappconfigurationproviders.yaml
@@ -162,7 +162,7 @@ spec:
                     type: array
                 type: object
               secret:
-                description: AzureKeyVaultReference defines the authentication type
+                description: AzureSecretReference defines the authentication type
                   used to Azure KeyVault resolve KeyVaultReference
                 properties:
                   auth:

diff --git a/internal/controller/appconfigurationprovider_controller.go b/internal/controller/appconfigurationprovider_controller.go
diff --git a/internal/controller/appconfigurationprovider_controller_test.go b/internal/controller/appconfigurationprovider_controller_test.go
@@ -151,16 +151,27 @@ var _ = Describe("AppConfiguationProvider controller", func() {
 			mapResult["testSecretKey2"] = []byte("testValue2")
 			mapResult["testSecretKey3"] = []byte("testValue3")
 
+			secretName := "secret-to-be-created-3"
 			allSettings := &loader.TargetKeyValueSettings{
-				SecretSettings: mapResult,
+				SecretSettings: map[string]corev1.Secret{
+					secretName: {
+						Data: mapResult,
+						Type: corev1.SecretType("Opaque"),
+					},
+				},
+				SecretReferences: map[string]*loader.TargetSecretReference{
+					secretName: &loader.TargetSecretReference{
+						Type:        corev1.SecretType("Opaque"),
+						UriSegments: make(map[string]loader.KeyVaultSecretUriSegment),
+					},
+				},
 			}
 
 			mockConfigurationSettings.EXPECT().CreateTargetSettings(gomock.Any(), gomock.Any()).Return(allSettings, nil)
 
 			ctx := context.Background()
 			providerName := "test-appconfigurationprovider-3"
 			configMapName := "configmap-to-be-created-3"
-			secretName := "secret-to-be-created-3"
 			configProvider := &acpv1.AzureAppConfigurationProvider{
 				TypeMeta: metav1.TypeMeta{
 					APIVersion: "appconfig.kubernetes.config/v1",
@@ -175,7 +186,7 @@ var _ = Describe("AppConfiguationProvider controller", func() {
 					Target: acpv1.ConfigurationGenerationParameters{
 						ConfigMapName: configMapName,
 					},
-					Secret: &acpv1.AzureKeyVaultReference{
+					Secret: &acpv1.AzureSecretReference{
 						Target: acpv1.SecretGenerationParameters{
 							SecretName: secretName,
 						},
@@ -213,17 +224,29 @@ var _ = Describe("AppConfiguationProvider controller", func() {
 			secretResult["testSecretKey2"] = []byte("testSecretValue2")
 			secretResult["testSecretKey3"] = []byte("testSecretValue3")
 
+			secretName := "secret-to-be-created-5"
 			allSettings := &loader.TargetKeyValueSettings{
-				SecretSettings:    secretResult,
+				SecretSettings: map[string]corev1.Secret{
+					secretName: {
+						Data: secretResult,
+						Type: corev1.SecretType("Opaque"),
+					},
+				},
 				ConfigMapSettings: configMapResult,
+				SecretReferences: map[string]*loader.TargetSecretReference{
+					secretName: &loader.TargetSecretReference{
+						Type:        corev1.SecretType("Opaque"),
+						UriSegments: make(map[string]loader.KeyVaultSecretUriSegment),
+					},
+				},
 			}
 
 			mockConfigurationSettings.EXPECT().CreateTargetSettings(gomock.Any(), gomock.Any()).Return(allSettings, nil)
 
 			ctx := context.Background()
 			providerName := "test-appconfigurationprovider-5"
 			configMapName := "configmap-to-be-created-5"
-			secretName := "secret-to-be-created-5"
+
 			configProvider := &acpv1.AzureAppConfigurationProvider{
 				TypeMeta: metav1.TypeMeta{
 					APIVersion: "appconfig.kubernetes.config/v1",
@@ -238,7 +261,7 @@ var _ = Describe("AppConfiguationProvider controller", func() {
 					Target: acpv1.ConfigurationGenerationParameters{
 						ConfigMapName: configMapName,
 					},
-					Secret: &acpv1.AzureKeyVaultReference{
+					Secret: &acpv1.AzureSecretReference{
 						Target: acpv1.SecretGenerationParameters{
 							SecretName: secretName,
 						},