

updating per comments
lakshmimsft committed Aug 30, 2024
1 parent 50fef93 commit 2238a62
Showing 4 changed files with 68 additions and 14 deletions.
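--- a/pkg/corerp/api/v20231001preview/secretstore_conversion_test.go
+++ b/pkg/corerp/api/v20231001preview/secretstore_conversion_test.go
@@ -159,3 +159,49 @@ func TestSecretStoreConvertFromValidation(t *testing.T) {
 require.ErrorAs(t, tc.err, &err)
 }
 }
+
+func TestSecretStorefromSecretStoreDataTypeDataModel(t *testing.T) {
+tests := []struct {
+name string
+input datamodel.SecretType
+expected *SecretStoreDataType
+}{
+{
+name: "Generic Secret Type",
+input: datamodel.SecretTypeGeneric,
+expected: to.Ptr(SecretStoreDataTypeGeneric),
+},
+{
+name: "Certificate Secret Type",
+input: datamodel.SecretTypeCert,
+expected: to.Ptr(SecretStoreDataTypeCertificate),
+},
+{
+name: "Basic Authentication Secret Type",
+input: datamodel.SecretTypeBasicAuthentication,
+expected: to.Ptr(SecretStoreDataTypeBasicAuthentication),
+},
+{
+name: "Azure Workload Identity Secret Type",
+input: datamodel.SecretTypeAzureWorkloadIdentity,
+expected: to.Ptr(SecretStoreDataTypeAzureWorkloadIdentity),
+},
+{
+name: "AWS IRSA Secret Type",
+input: datamodel.SecretTypeAWSIRSA,
+expected: to.Ptr(SecretStoreDataTypeAwsIRSA),
+},
+{
+name: "None Secret Type",
+input: datamodel.SecretTypeNone,
+expected: nil,
+},
+}
+
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+result := fromSecretStoreDataTypeDataModel(tt.input)
+require.Equal(t, tt.expected, result)
+})
+}
+}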
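Review bot: The table covers every enumerated datamodel.SecretType but no unrecognized value, so the conversion's fallback for an unexpected type is the one branch left unpinned, and for a conversion that feeds validation that fallback is the case most worth locking down. If SecretType is a string-based type and unmapped values are meant to convert to nil — both to be confirmed against fromSecretStoreDataTypeDataModel — a row such as `{name: "Unknown Secret Type", input: datamodel.SecretType("unknown"), expected: nil}` would cover it. The test name also mixes the `TestSecretStore` prefix with a lower-case `from…`; `TestSecretStore_fromSecretStoreDataTypeDataModel` or `TestFromSecretStoreDataTypeDataModel` reads more conventionally.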
14 changes: 7 additions & 7 deletions pkg/corerp/frontend/controller/secretstores/kubernetes.go
Expand Up @@ -78,17 +78,17 @@ func getOrDefaultEncoding(t datamodel.SecretType, e datamodel.SecretValueEncodin
return e, err
}

// Define a map of required keys for each SecretType
var requiredKeys = map[datamodel.SecretType][]string{
datamodel.SecretTypeBasicAuthentication: {RequiredUsername, RequiredPassword},
datamodel.SecretTypeAzureWorkloadIdentity: {RequiredClientId, RequiredTenantId},
datamodel.SecretTypeAWSIRSA: {RequiredRoleARN},
}

// ValidateAndMutateRequest checks the type and encoding of the secret store, and ensures that the secret store data is
// valid and required keys are present for the secret type. If any of these checks fail, a BadRequestResponse is returned.
func ValidateAndMutateRequest(ctx context.Context, newResource *datamodel.SecretStore, oldResource *datamodel.SecretStore, options *controller.Options) (rest.Response, error) {
// Define a map of required keys for each SecretType
var requiredKeys = map[datamodel.SecretType][]string{
datamodel.SecretTypeBasicAuthentication: {UsernameKey, PasswordKey},
datamodel.SecretTypeAzureWorkloadIdentity: {ClientIdKey, TenantIdKey},
datamodel.SecretTypeAWSIRSA: {RoleARNKey},
}
var err error

newResource.Properties.Type, err = getOrDefaultType(newResource.Properties.Type)
if err != nil {
return rest.NewBadRequestResponse(err.Error()), nil
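Review bot: The `var requiredKeys = map[datamodel.SecretType][]string{…}` declaration moved into the function body keeps the package-level declaration form; inside ValidateAndMutateRequest the idiomatic form is `requiredKeys := map[datamodel.SecretType][]string{…}`, and since the map is now built on every request it should stay a literal of constants only. The comment above it could also record that secret types absent from the map carry no required keys, which appears to be what the lookup relies on — worth confirming against the check that follows, and worth pairing with a check that present keys are non-empty rather than merely present. ValidateAndMutateRequest's body continues outside the hunk.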
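--- a/pkg/corerp/frontend/controller/secretstores/types.go
+++ b/pkg/corerp/frontend/controller/secretstores/types.go
@@ -20,10 +20,18 @@ const (
 // ResourceTypeName is the resource type name for secret stores.
 ResourceTypeName = "Applications.Core/secretStores"
 
-// The following are possible required keys in a SecretStore depending on it's SecretType
-RequiredUsername = "username"
-RequiredPassword = "password"
-RequiredClientId = "clientId"
-RequiredTenantId = "tenantId"
-RequiredRoleARN = "roleARN"
+// UsernameKey is a required key in a secret store when SecretType is Basic Authentication.
+UsernameKey = "username"
+
+// PasswordKey is a required key in a secret store when SecretType is Basic Authentication.
+PasswordKey = "password"
+
+// ClientIdKey is a required key in a secret store when SecretType is Azure Workload Identity.
+ClientIdKey = "clientId"
+
+// TenantIdKey is a required key in a secret store when SecretType is Azure workload Identity.
+TenantIdKey = "tenantId"
+
+// RoleARNKey is a required key in a secret store when SecretType is AWS IRSA.
+RoleARNKey = "roleARN"
 )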
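Review bot: The TenantIdKey comment writes "Azure workload Identity" while the ClientIdKey comment just above writes "Azure Workload Identity"; the two should match, e.g. `// TenantIdKey is a required key in a secret store when SecretType is Azure Workload Identity.`. Go's initialism convention would also spell these `ClientIDKey` and `TenantIDKey`, though keeping `Id` mirrors the `clientId`/`tenantId` key strings and may be deliberate.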
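--- a/typespec/Applications.Core/secretstores.tsp
+++ b/typespec/Applications.Core/secretstores.tsp
@@ -75,7 +75,7 @@ enum SecretStoreDataType {
 @doc("azureWorkloadIdentity type is used to represent registry authentication using azure federated identity and the secretstore resource is expected to have the keys 'clientId' and 'tenantId'.")
 azureWorkloadIdentity,
 
-@doc("awsIRSA type is used to represent registry authentication using AWS IRSA(IAM Roles for Service accounts) and the secretstore resource is expected to have the keys 'roleARN'.")
+@doc("awsIRSA type is used to represent registry authentication using AWS IRSA (IAM Roles for Service accounts) and the secretstore resource is expected to have the key 'roleARN'.")
 awsIRSA,
 }
 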
