Merge pull request #5 from nmvk/secret

SecretKeyRef - Runtime Implementation

apis/core/v1alpha1/secret.go

@@ -0,0 +1,27 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"). You may
+// not use this file except in compliance with the License. A copy of the
+// License is located at
+//
+//     http://aws.amazon.com/apache2.0/
+//
+// or in the "license" file accompanying this file. This file is distributed
+// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+// express or implied. See the License for the specific language governing
+// permissions and limitations under the License.
+
+package v1alpha1
+
+import (
+	k8scorev1 "k8s.io/api/core/v1"
+)
+
+// SecretKeyReference combines a k8s corev1.SecretReference with a
+// specific key within the referred-to Secret
+type SecretKeyReference struct {
+	// Empty JSON tag is required to solve encountered struct field "" without JSON tag  error.
+	k8scorev1.SecretReference `json:""`
+	// Key is the key within the secret
+	Key string `json:"key"`
+}

pkg/errors/error.go

@@ -42,6 +42,9 @@ var (
 	// Terminal is returned with resource is in Terminal Condition
 	Terminal = fmt.Errorf(
 		"resource is in terminal condition")
+	// SecretTypeNotSupported is returned if non opaque secret is used.
+	SecretTypeNotSupported = fmt.Errorf(
+		"only opaque secrets can be used")
 )
 
 // AWSError returns the type conversion for the supplied error to an aws-sdk-go

pkg/runtime/reconciler.go

@@ -85,12 +85,41 @@ func (r *reconciler) BindControllerManager(mgr ctrlrt.Manager) error {
 }
 
 // SecretValueFromReference fetches the value of a Secret given a
-// SecretReference
+// SecretKeyReference.
 func (r *reconciler) SecretValueFromReference(
-	ref *corev1.SecretReference,
+	ctx context.Context,
+	ref *ackv1alpha1.SecretKeyReference,
 ) (string, error) {
-	// TODO(alina-kim): Implement this method :)
-	return "", ackerr.NotImplemented
+
+	if ref == nil {
+		return "", nil
+	}
+
+	namespace := ref.Namespace
+	if namespace == "" {
+		namespace = "default"
+	}
+
+	nsn := client.ObjectKey{
+		Namespace: namespace,
+		Name: ref.Name,
+	}
+	var secret corev1.Secret
+	if err := r.kc.Get(ctx, nsn, &secret); err != nil {
+		return "", err
+	}
+
+	// Currently we have only Opaque secrets in scope.
+	if secret.Type != corev1.SecretTypeOpaque {
+		return "", ackerr.SecretTypeNotSupported
+	}
+
+	if value, ok := secret.Data[ref.Key]; ok {
+		valuestr := string(value)
+		return valuestr, nil
+	}
+
+	return "", ackerr.NotFound
 }
 
 // Reconcile implements `controller-runtime.Reconciler` and handles reconciling

pkg/types/aws_resource_reconciler.go

@@ -14,7 +14,8 @@
 package types
 
 import (
-	corev1 "k8s.io/api/core/v1"
+	"context"
+	"github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	ctrlrt "sigs.k8s.io/controller-runtime"
 	ctrlreconcile "sigs.k8s.io/controller-runtime/pkg/reconcile"
@@ -39,6 +40,6 @@ type AWSResourceReconciler interface {
 	// of an upstream controller-runtime.Manager
 	BindControllerManager(ctrlrt.Manager) error
 	// SecretValueFromReference fetches the value of a Secret given a
-	// SecretReference
-	SecretValueFromReference(*corev1.SecretReference) (string, error)
+	// SecretKeyReference
+	SecretValueFromReference(context.Context, *v1alpha1.SecretKeyReference) (string, error)
 }