From ada92eb33257187cbfd71ee0389ceeb40c10ccae Mon Sep 17 00:00:00 2001 From: Christopher Haar Date: Sat, 16 Sep 2023 10:30:59 +0200 Subject: [PATCH] feat(ess): fix nil when enabled enableExternalSecretStores Signed-off-by: Christopher Haar --- apis/v1alpha1/types.go | 4 ++-- cmd/provider/main.go | 11 +++++++++++ package/crds/vault.upbound.io_storeconfigs.yaml | 4 ++-- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/apis/v1alpha1/types.go b/apis/v1alpha1/types.go index a8cab411..88f42736 100644 --- a/apis/v1alpha1/types.go +++ b/apis/v1alpha1/types.go @@ -22,11 +22,11 @@ type StoreConfigStatus struct { // +kubebuilder:object:root=true -// A StoreConfig configures how GCP controller should store connection details. +// A StoreConfig configures how vault controller should store connection details. // +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" // +kubebuilder:printcolumn:name="TYPE",type="string",JSONPath=".spec.type" // +kubebuilder:printcolumn:name="DEFAULT-SCOPE",type="string",JSONPath=".spec.defaultScope" -// +kubebuilder:resource:scope=Cluster,categories={crossplane,store,gcp} +// +kubebuilder:resource:scope=Cluster,categories={crossplane,store,vault} // +kubebuilder:subresource:status type StoreConfig struct { metav1.TypeMeta `json:",inline"` diff --git a/cmd/provider/main.go b/cmd/provider/main.go index 052c9d37..7ce76cec 100644 --- a/cmd/provider/main.go +++ b/cmd/provider/main.go @@ -11,6 +11,7 @@ import ( "time" xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" "github.com/crossplane/crossplane-runtime/pkg/feature" "github.com/crossplane/crossplane-runtime/pkg/logging" @@ -48,6 +49,7 @@ func main() { namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("upbound-system").Envar("POD_NAMESPACE").String() enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() ) @@ -97,6 +99,15 @@ func main() { o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + // Ensure default store config exists. kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ ObjectMeta: metav1.ObjectMeta{ diff --git a/package/crds/vault.upbound.io_storeconfigs.yaml b/package/crds/vault.upbound.io_storeconfigs.yaml index f3cf1365..171ccbd5 100644 --- a/package/crds/vault.upbound.io_storeconfigs.yaml +++ b/package/crds/vault.upbound.io_storeconfigs.yaml @@ -11,7 +11,7 @@ spec: categories: - crossplane - store - - gcp + - vault kind: StoreConfig listKind: StoreConfigList plural: storeconfigs @@ -31,7 +31,7 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: A StoreConfig configures how GCP controller should store connection + description: A StoreConfig configures how vault controller should store connection details. properties: apiVersion: