Merge pull request #13 from upbound/fix/ess
jeanduplessis authored Sep 16, 2023
2 parents 6c08fb2 + ada92eb commit 4d00664
Showing 3 changed files with 15 additions and 4 deletions.
4 changes: 2 additions & 2 deletions apis/v1alpha1/types.go
@@ -22,11 +22,11 @@ type StoreConfigStatus struct {

// +kubebuilder:object:root=true

// A StoreConfig configures how GCP controller should store connection details.
// A StoreConfig configures how vault controller should store connection details.
// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:printcolumn:name="TYPE",type="string",JSONPath=".spec.type"
// +kubebuilder:printcolumn:name="DEFAULT-SCOPE",type="string",JSONPath=".spec.defaultScope"
// +kubebuilder:resource:scope=Cluster,categories={crossplane,store,gcp}
// +kubebuilder:resource:scope=Cluster,categories={crossplane,store,vault}
// +kubebuilder:subresource:status
type StoreConfig struct {
metav1.TypeMeta `json:",inline"`
11 changes: 11 additions & 0 deletions cmd/provider/main.go
@@ -11,6 +11,7 @@ import (
"time"

xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
"github.com/crossplane/crossplane-runtime/pkg/certificates"
xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller"
"github.com/crossplane/crossplane-runtime/pkg/feature"
"github.com/crossplane/crossplane-runtime/pkg/logging"
@@ -48,6 +49,7 @@ func main() {

namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("upbound-system").Envar("POD_NAMESPACE").String()
enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool()
essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String()
enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool()
)

@@ -97,6 +99,15 @@ func main() {
o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind
log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores)

o.ESSOptions = &tjcontroller.ESSOptions{}
if *essTLSCertsPath != "" {
log.Info("ESS TLS certificates path is set. Loading mTLS configuration.")
tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false)
kingpin.FatalIfError(err, "Cannot load ESS TLS config.")

o.ESSOptions.TLSConfig = tCfg
}

// Ensure default store config exists.
kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{
ObjectMeta: metav1.ObjectMeta{
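Review bot: When external secret stores are enabled but `--ess-tls-cert-dir` / `ESS_TLS_CERTS_DIR` is empty, the block starting at `o.ESSOptions = &tjcontroller.ESSOptions{}` leaves `TLSConfig` nil and logs nothing, so the startup log gives no indication that the ESS connection was configured without mTLS material. How the ESS client treats a nil `TLSConfig` is not visible in this diff, so I would at least add `} else { log.Info("ESS TLS certificates path is not set; ESS TLS config left empty.") }`, or fail fast if an unauthenticated connection is never intended. The trailing bare `false` passed to `certificates.LoadMTLSConfig` is also opaque at the call site; a short comment naming that parameter (it looks like the client/server switch, to be confirmed against crossplane-runtime) would make the client-side intent reviewable. `main` starts and ends outside these hunks.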
4 changes: 2 additions & 2 deletions package/crds/vault.upbound.io_storeconfigs.yaml
@@ -11,7 +11,7 @@ spec:
categories:
- crossplane
- store
- gcp
- vault
kind: StoreConfig
listKind: StoreConfigList
plural: storeconfigs
@@ -31,7 +31,7 @@ spec:
name: v1alpha1
schema:
openAPIV3Schema:
description: A StoreConfig configures how GCP controller should store connection
description: A StoreConfig configures how vault controller should store connection
details.
properties:
apiVersion:
