Merge pull request #312 from adborden/feature/pipe-step-credentials

feat: pass credential secrets from pipeline

Author: Peefy

README.md

@@ -276,6 +276,69 @@ spec:
     password: <password> # or KCL_SRC_PASSWORD environment variable
 ```
 
+You can provide credentials in a Secret to your pipeline step under the name `kcl-registry`.
+
+```yaml
+# composition.yaml
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  name: example
+spec:
+  compositeTypeRef:
+    apiVersion: example.crossplane.io/v1beta1
+    kind: XR
+  mode: Pipeline
+  pipeline:
+    - step: basic
+      functionRef:
+        name: function-kcl
+      input:
+        apiVersion: krm.kcl.dev/v1alpha1
+        kind: KCLInput
+        source: |
+          # Read the XR
+          oxr = option("params").oxr
+          # Patch the XR with the status field
+          dxr = {
+              **option("params").dxr
+              status.dummy = "cool-status"
+          }
+          # Construct a bucket
+          bucket = {
+              apiVersion = "s3.aws.upbound.io/v1beta1"
+              kind = "Bucket"
+              metadata.annotations: {
+                  "krm.kcl.dev/composition-resource-name" = "bucket"
+              }
+              spec.forProvider.region = option("oxr").spec.region
+          }
+          # Return the bucket and patched XR
+          items = [bucket, dxr]
+      credentials: # If private OCI registry
+        - name: kcl-registry
+          source: Secret
+          secretRef:
+            namespace: default
+            name: default
+```
+
+And your secret:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: default
+  namsepace: default
+data:
+  username: dXNlcm5hbWU=
+  password: cGFzc3dvcmQ=
+  url: aHR0cHM6Ly9leGFtcGxlLmNvbQ==
+```
+
+You can use these credentials with `crossplane render --function-credentials=secret.yaml xr.yaml composition.yaml functions.yaml`.
+
 ### Run Config
 
 ```yaml

fn.go

@@ -60,6 +60,23 @@ func (f *Function) RunFunction(_ context.Context, req *fnv1.RunFunctionRequest)
 	if f.dependencies != "" {
 		in.Spec.Dependencies = f.dependencies + "\n" + in.Spec.Dependencies
 	}
+	// Add credentials
+	if creds, ok := req.Credentials["kcl-registry"]; ok {
+		data := creds.GetCredentialData()
+		if data != nil {
+			if password, ok := data.Data["password"]; ok {
+				in.Spec.Credentials.Password = string(password)
+				if username, ok := data.Data["username"]; ok {
+					in.Spec.Credentials.Username = string(username)
+				}
+				if url, ok := data.Data["url"]; ok {
+					in.Spec.Credentials.Url = string(url)
+				}
+			} else {
+				log.Info("Warning: required password not found in the credentials")
+			}
+		}
+	}
 	if err := in.Validate(); err != nil {
 		response.Fatal(rsp, errors.Wrap(err, "invalid function input"))
 		return rsp, nil