Merge pull request #433 from TailorBrands/enh/provider_multiple_clien…

…t_options adding support for multiple client options on connect
crossplane-contrib · Jun 7, 2022 · 666c10d · 666c10d
2 parents f21bcd6 + 6aa9db7
commit 666c10d
Show file tree

Hide file tree

Showing 28 changed files with 135 additions and 55 deletions.
diff --git a/apis/v1beta1/providerconfig_types.go b/apis/v1beta1/providerconfig_types.go
@@ -29,6 +29,10 @@ type ProviderConfigSpec struct {
 
 	// ProjectID is the project name (not numerical ID) of this GCP ProviderConfig.
 	ProjectID string `json:"projectID"`
+
+	// ClientOptions can override default Google API client options
+	//+optional
+	ClientOptions *ClientOptions `json:"clientOptions,omitempty"`
 }
 
 // ProviderCredentials required to authenticate.
@@ -40,6 +44,16 @@ type ProviderCredentials struct {
 	xpv1.CommonCredentialSelectors `json:",inline"`
 }
 
+// ClientOptions are options for a Google API client.
+type ClientOptions struct {
+	// Endpoint overrides the default endpoint.
+	//+optional
+	Endpoint *string `json:"endpoint,omitempty"`
+	// WithoutAuthentication - specifies that no authentication should be used. It is suitable only for testing and for accessing public resources.
+	//+optional
+	WithoutAuthentication *bool `json:"withoutAuthentication,omitempty"`
+}
+
 // A ProviderConfigStatus represents the status of a ProviderConfig.
 type ProviderConfigStatus struct {
 	xpv1.ProviderConfigStatus `json:",inline"`

diff --git a/apis/v1beta1/zz_generated.deepcopy.go b/apis/v1beta1/zz_generated.deepcopy.go
diff --git a/package/crds/gcp.crossplane.io_providerconfigs.yaml b/package/crds/gcp.crossplane.io_providerconfigs.yaml
@@ -51,6 +51,19 @@ spec:
           spec:
             description: A ProviderConfigSpec defines the desired state of a ProviderConfig.
             properties:
+              clientOptions:
+                description: ClientOptions can override default Google API client
+                  options
+                properties:
+                  endpoint:
+                    description: Endpoint overrides the default endpoint.
+                    type: string
+                  withoutAuthentication:
+                    description: WithoutAuthentication - specifies that no authentication
+                      should be used. It is suitable only for testing and for accessing
+                      public resources.
+                    type: boolean
+                type: object
               credentials:
                 description: Credentials required to authenticate to this provider.
                 properties:

diff --git a/pkg/clients/gcp.go b/pkg/clients/gcp.go
@@ -43,10 +43,10 @@ import (
 
 const scopeCloudPlatform = "https://www.googleapis.com/auth/cloud-platform"
 
-// GetAuthInfo returns the necessary authentication information that is necessary
+// GetConnectionInfo returns the necessary connection information that is necessary
 // to use when the controller connects to GCP API in order to reconcile the managed
 // resource.
-func GetAuthInfo(ctx context.Context, c client.Client, mg resource.Managed) (projectID string, opts option.ClientOption, err error) {
+func GetConnectionInfo(ctx context.Context, c client.Client, mg resource.Managed) (projectID string, opts []option.ClientOption, err error) {
 	switch {
 	case mg.GetProviderConfigReference() != nil:
 		return UseProviderConfig(ctx, c, mg)
@@ -59,7 +59,9 @@ func GetAuthInfo(ctx context.Context, c client.Client, mg resource.Managed) (pro
 
 // UseProvider to return GCP authentication information.
 // Deprecated: Use UseProviderConfig
-func UseProvider(ctx context.Context, c client.Client, mg resource.Managed) (projectID string, opts option.ClientOption, err error) {
+func UseProvider(ctx context.Context, c client.Client, mg resource.Managed) (projectID string, opts []option.ClientOption, err error) {
+	opts = make([]option.ClientOption, 0)
+
 	p := &v1alpha3.Provider{}
 	if err := c.Get(ctx, types.NamespacedName{Name: mg.GetProviderReference().Name}, p); err != nil {
 		return "", nil, err
@@ -70,11 +72,15 @@ func UseProvider(ctx context.Context, c client.Client, mg resource.Managed) (pro
 	if err := c.Get(ctx, types.NamespacedName{Name: ref.Name, Namespace: ref.Namespace}, s); err != nil {
 		return "", nil, err
 	}
-	return p.Spec.ProjectID, option.WithCredentialsJSON(s.Data[ref.Key]), nil
+
+	opts = append(opts, option.WithCredentialsJSON(s.Data[ref.Key]))
+	return p.Spec.ProjectID, opts, nil
 }
 
 // UseProviderConfig to return GCP authentication information.
-func UseProviderConfig(ctx context.Context, c client.Client, mg resource.Managed) (projectID string, opts option.ClientOption, err error) {
+func UseProviderConfig(ctx context.Context, c client.Client, mg resource.Managed) (projectID string, opts []option.ClientOption, err error) {
+	opts = make([]option.ClientOption, 0)
+
 	pc := &v1beta1.ProviderConfig{}
 	t := resource.NewProviderConfigUsageTracker(c, &v1beta1.ProviderConfigUsage{})
 	if err := t.Track(ctx, mg); err != nil {
@@ -83,20 +89,27 @@ func UseProviderConfig(ctx context.Context, c client.Client, mg resource.Managed
 	if err := c.Get(ctx, types.NamespacedName{Name: mg.GetProviderConfigReference().Name}, pc); err != nil {
 		return "", nil, err
 	}
+
+	if pc.Spec.ClientOptions != nil {
+		addClientOptions(pc.Spec.ClientOptions, &opts)
+	}
+
 	switch s := pc.Spec.Credentials.Source; s { //nolint:exhaustive
 	case xpv1.CredentialsSourceInjectedIdentity:
 		ts, err := google.DefaultTokenSource(ctx, scopeCloudPlatform)
 		if err != nil {
 			return "", nil, errors.Wrap(err, "cannot get application default credentials token")
 		}
-		return pc.Spec.ProjectID, option.WithTokenSource(ts), nil
+		opts = append(opts, option.WithTokenSource(ts))
 	default:
 		data, err := resource.CommonCredentialExtractor(ctx, pc.Spec.Credentials.Source, c, pc.Spec.Credentials.CommonCredentialSelectors)
 		if err != nil {
 			return "", nil, errors.Wrap(err, "cannot get credentials")
 		}
-		return pc.Spec.ProjectID, option.WithCredentialsJSON(data), nil
+		opts = append(opts, option.WithCredentialsJSON(data))
 	}
+
+	return pc.Spec.ProjectID, opts, nil
 }
 
 // IsErrorNotFoundGRPC gets a value indicating whether the given error represents
@@ -268,3 +281,13 @@ func EquateComputeURLs() cmp.Option {
 		return path.Base(ta) == path.Base(tb)
 	})
 }
+
+func addClientOptions(clientOptions *v1beta1.ClientOptions, opts *[]option.ClientOption) {
+	if clientOptions.Endpoint != nil {
+		*opts = append(*opts, option.WithEndpoint(*clientOptions.Endpoint))
+	}
+
+	if *clientOptions.WithoutAuthentication {
+		*opts = append(*opts, option.WithoutAuthentication())
+	}
+}
diff --git a/pkg/controller/cache/managed.go b/pkg/controller/cache/managed.go
@@ -86,11 +86,11 @@ type connecter struct {
 }
 
 func (c *connecter) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
-	projectID, opts, err := gcp.GetAuthInfo(ctx, c.client, mg)
+	projectID, opts, err := gcp.GetConnectionInfo(ctx, c.client, mg)
 	if err != nil {
 		return nil, err
 	}
-	s, err := redis.NewService(ctx, opts)
+	s, err := redis.NewService(ctx, opts...)
 	if err != nil {
 		return nil, errors.Wrap(err, errNewClient)
 	}

diff --git a/pkg/controller/compute/address.go b/pkg/controller/compute/address.go
@@ -80,11 +80,11 @@ type addressConnector struct {
 }
 
 func (c *addressConnector) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
-	projectID, opts, err := gcp.GetAuthInfo(ctx, c.kube, mg)
+	projectID, opts, err := gcp.GetConnectionInfo(ctx, c.kube, mg)
 	if err != nil {
 		return nil, err
 	}
-	s, err := compute.NewService(ctx, opts)
+	s, err := compute.NewService(ctx, opts...)
 	if err != nil {
 		return nil, errors.Wrap(err, errNewClient)
 	}

diff --git a/pkg/controller/compute/firewall.go b/pkg/controller/compute/firewall.go
@@ -82,11 +82,11 @@ type firewallConnector struct {
 }
 
 func (c *firewallConnector) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
-	projectID, opts, err := gcp.GetAuthInfo(ctx, c.kube, mg)
+	projectID, opts, err := gcp.GetConnectionInfo(ctx, c.kube, mg)
 	if err != nil {
 		return nil, err
 	}
-	s, err := compute.NewService(ctx, opts)
+	s, err := compute.NewService(ctx, opts...)
 	if err != nil {
 		return nil, errors.Wrap(err, errNewClient)
 	}

diff --git a/pkg/controller/compute/globaladdress.go b/pkg/controller/compute/globaladdress.go
@@ -81,11 +81,11 @@ type gaConnector struct {
 }
 
 func (c *gaConnector) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
-	projectID, opts, err := gcp.GetAuthInfo(ctx, c.kube, mg)
+	projectID, opts, err := gcp.GetConnectionInfo(ctx, c.kube, mg)
 	if err != nil {
 		return nil, err
 	}
-	s, err := compute.NewService(ctx, opts)
+	s, err := compute.NewService(ctx, opts...)
 	if err != nil {
 		return nil, errors.Wrap(err, errNewClient)
 	}

diff --git a/pkg/controller/compute/network.go b/pkg/controller/compute/network.go
@@ -85,11 +85,11 @@ type networkConnector struct {
 }
 
 func (c *networkConnector) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
-	projectID, opts, err := gcp.GetAuthInfo(ctx, c.kube, mg)
+	projectID, opts, err := gcp.GetConnectionInfo(ctx, c.kube, mg)
 	if err != nil {
 		return nil, err
 	}
-	s, err := compute.NewService(ctx, opts)
+	s, err := compute.NewService(ctx, opts...)
 	if err != nil {
 		return nil, errors.Wrap(err, errNewClient)
 	}

diff --git a/pkg/controller/compute/router.go b/pkg/controller/compute/router.go
@@ -81,11 +81,11 @@ type routerConnector struct {
 }
 
 func (c *routerConnector) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
-	projectID, opts, err := gcp.GetAuthInfo(ctx, c.kube, mg)
+	projectID, opts, err := gcp.GetConnectionInfo(ctx, c.kube, mg)
 	if err != nil {
 		return nil, err
 	}
-	s, err := compute.NewService(ctx, opts)
+	s, err := compute.NewService(ctx, opts...)
 	if err != nil {
 		return nil, errors.Wrap(err, errNewClient)
 	}

diff --git a/pkg/controller/compute/subnetwork.go b/pkg/controller/compute/subnetwork.go
@@ -85,11 +85,11 @@ type subnetworkConnector struct {
 }
 
 func (c *subnetworkConnector) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
-	projectID, opts, err := gcp.GetAuthInfo(ctx, c.kube, mg)
+	projectID, opts, err := gcp.GetConnectionInfo(ctx, c.kube, mg)
 	if err != nil {
 		return nil, err
 	}
-	s, err := googlecompute.NewService(ctx, opts)
+	s, err := googlecompute.NewService(ctx, opts...)
 	if err != nil {
 		return nil, errors.Wrap(err, errNewClient)
 	}

diff --git a/pkg/controller/container/cluster.go b/pkg/controller/container/cluster.go
@@ -84,11 +84,11 @@ type clusterConnector struct {
 }
 
 func (c *clusterConnector) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
-	projectID, opts, err := gcp.GetAuthInfo(ctx, c.kube, mg)
+	projectID, opts, err := gcp.GetConnectionInfo(ctx, c.kube, mg)
 	if err != nil {
 		return nil, err
 	}
-	s, err := container.NewService(ctx, opts)
+	s, err := container.NewService(ctx, opts...)
 	if err != nil {
 		return nil, errors.Wrap(err, errNewClient)
 	}

diff --git a/pkg/controller/container/nodepool.go b/pkg/controller/container/nodepool.go
@@ -82,11 +82,11 @@ type nodePoolConnector struct {
 }
 
 func (c *nodePoolConnector) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
-	projectID, opts, err := gcp.GetAuthInfo(ctx, c.kube, mg)
+	projectID, opts, err := gcp.GetConnectionInfo(ctx, c.kube, mg)
 	if err != nil {
 		return nil, err
 	}
-	s, err := container.NewService(ctx, opts)
+	s, err := container.NewService(ctx, opts...)
 	if err != nil {
 		return nil, errors.Wrap(err, errNewClient)
 	}

diff --git a/pkg/controller/database/cloudsql.go b/pkg/controller/database/cloudsql.go
@@ -88,11 +88,11 @@ type cloudsqlConnector struct {
 }
 
 func (c *cloudsqlConnector) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
-	projectID, opts, err := gcp.GetAuthInfo(ctx, c.kube, mg)
+	projectID, opts, err := gcp.GetConnectionInfo(ctx, c.kube, mg)
 	if err != nil {
 		return nil, err
 	}
-	s, err := sqladmin.NewService(ctx, opts)
+	s, err := sqladmin.NewService(ctx, opts...)
 	if err != nil {
 		return nil, errors.Wrap(err, errNewClient)
 	}

diff --git a/pkg/controller/dns/resource_record_set.go b/pkg/controller/dns/resource_record_set.go
@@ -82,11 +82,11 @@ type connector struct {
 }
 
 func (c *connector) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
-	projectID, opts, err := gcp.GetAuthInfo(ctx, c.kube, mg)
+	projectID, opts, err := gcp.GetConnectionInfo(ctx, c.kube, mg)
 	if err != nil {
 		return nil, err
 	}
-	d, err := dns.NewService(ctx, opts)
+	d, err := dns.NewService(ctx, opts...)
 	if err != nil {
 		return nil, errors.Wrap(err, errNewClient)
 	}

diff --git a/pkg/controller/iam/serviceaccount.go b/pkg/controller/iam/serviceaccount.go
@@ -81,11 +81,11 @@ type connecter struct {
 
 // Connect sets up iam client using credentials from the provider
 func (c *connecter) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
-	projectID, opts, err := gcp.GetAuthInfo(ctx, c.client, mg)
+	projectID, opts, err := gcp.GetConnectionInfo(ctx, c.client, mg)
 	if err != nil {
 		return nil, err
 	}
-	s, err := iamv1.NewService(ctx, opts)
+	s, err := iamv1.NewService(ctx, opts...)
 	if err != nil {
 		return nil, errors.Wrap(err, errNewClient)
 	}

diff --git a/pkg/controller/iam/serviceaccountkey.go b/pkg/controller/iam/serviceaccountkey.go
@@ -96,13 +96,13 @@ type serviceAccountKeyServiceConnector struct {
 
 // Connect sets up SA key external client using credentials from the provider
 func (c *serviceAccountKeyServiceConnector) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
-	_, opts, err := gcp.GetAuthInfo(ctx, c.client, mg)
+	_, opts, err := gcp.GetConnectionInfo(ctx, c.client, mg)
 
 	if err != nil {
 		return nil, err
 	}
 
-	s, err := iamv1.NewService(ctx, opts)
+	s, err := iamv1.NewService(ctx, opts...)
 
 	if err != nil {
 		return nil, errors.Wrap(err, errNewClient)

diff --git a/pkg/controller/iam/serviceaccountpolicy.go b/pkg/controller/iam/serviceaccountpolicy.go
@@ -77,11 +77,11 @@ type serviceAccountPolicyConnecter struct {
 
 // Connect sets up iam client using credentials from the provider
 func (c *serviceAccountPolicyConnecter) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
-	_, opts, err := gcp.GetAuthInfo(ctx, c.client, mg)
+	_, opts, err := gcp.GetConnectionInfo(ctx, c.client, mg)
 	if err != nil {
 		return nil, err
 	}
-	s, err := iamv1.NewService(ctx, opts)
+	s, err := iamv1.NewService(ctx, opts...)
 	if err != nil {
 		return nil, errors.Wrap(err, errNewClient)
 	}

diff --git a/pkg/controller/kms/cryptokey.go b/pkg/controller/kms/cryptokey.go
@@ -77,11 +77,11 @@ type cryptoKeyConnecter struct {
 
 // Connect sets up kms client using credentials from the provider
 func (c *cryptoKeyConnecter) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
-	_, opts, err := gcp.GetAuthInfo(ctx, c.client, mg)
+	_, opts, err := gcp.GetConnectionInfo(ctx, c.client, mg)
 	if err != nil {
 		return nil, err
 	}
-	s, err := kmsv1.NewService(ctx, opts)
+	s, err := kmsv1.NewService(ctx, opts...)
 	if err != nil {
 		return nil, errors.Wrap(err, errNewClient)
 	}