From b8d389e76af1b6596ff1d7a6bb4e2a93008404fa Mon Sep 17 00:00:00 2001 From: Teodor Pripoae Date: Wed, 11 Aug 2021 01:13:52 +0300 Subject: [PATCH] fix: use env var source for auth --- api/v1/rest_types.go | 9 ++- api/v1/zz_generated.deepcopy.go | 8 ++- config/base/deploy.yml | 7 ++- .../templating.flanksource.com_rests.yaml | 53 +++++++++++++++- config/deploy/crd.yml | 53 +++++++++++++++- config/deploy/operator.yml | 60 ++++++++++++++++++- config/manager/kustomization.yaml | 2 +- examples/rest.yml | 20 ++++++- k8s/rest_manager.go | 30 ++++++++-- test/e2e.go | 1 - 10 files changed, 222 insertions(+), 21 deletions(-) diff --git a/api/v1/rest_types.go b/api/v1/rest_types.go index ac9825e..5324d34 100644 --- a/api/v1/rest_types.go +++ b/api/v1/rest_types.go @@ -17,6 +17,7 @@ limitations under the License. package v1 import ( + "github.com/flanksource/kommons" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -27,7 +28,7 @@ type RESTSpec struct { // Auth may be used for http basic authentication // +optional - Auth RESTAuth `json:"auth,omitempty"` + Auth *RESTAuth `json:"auth,omitempty"` // Headers are optional http headers to be sent on the request // +optional @@ -42,9 +43,11 @@ type RESTSpec struct { type RESTAuth struct { // Username represents the HTTP Basic Auth username - Username string `json:"username,omitempty"` + Username kommons.EnvVarSource `json:"username,omitempty"` // Password represents the HTTP Basic Auth password - Password string `json:"password,omitempty"` + Password kommons.EnvVarSource `json:"password,omitempty"` + // Namespace where secret / config map is present + Namespace string `json:"namespace,omitempty"` } type RESTAction struct { diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go index 2d2c436..de679da 100644 --- a/api/v1/zz_generated.deepcopy.go +++ b/api/v1/zz_generated.deepcopy.go 
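Review bot: In the `RESTAuth` hunk of api/v1/rest_types.go, the new `Namespace` field lets whoever writes a REST object pick the namespace the operator reads the username and password Secret or ConfigMap from, and nothing in this hunk limits that choice. The operator's RBAC is not shown here, but if its service account can read Secrets across namespaces, permission to create a REST object becomes equivalent to read access on any Secret it names, because the resolved value is sent to the URL in the same spec. Consider resolving references only in the REST object's own namespace or in an operator-configured allow-list, and state the rule in the field comment, e.g. `// Namespace of the referenced Secret / ConfigMap; must be a namespace the operator is configured to read credentials from`. Changing `username`/`password` from string to object inside `v1` also means existing objects that set plain strings will no longer validate, which deserves a mention in the commit description.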
@@ -139,6 +139,8 @@ func (in *RESTAction) DeepCopy() *RESTAction { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RESTAuth) DeepCopyInto(out *RESTAuth) { *out = *in + in.Username.DeepCopyInto(&out.Username) + in.Password.DeepCopyInto(&out.Password) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RESTAuth. @@ -186,7 +188,11 @@ func (in *RESTList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RESTSpec) DeepCopyInto(out *RESTSpec) { *out = *in - out.Auth = in.Auth + if in.Auth != nil { + in, out := &in.Auth, &out.Auth + *out = new(RESTAuth) + (*in).DeepCopyInto(*out) + } if in.Headers != nil { in, out := &in.Headers, &out.Headers *out = make(map[string]string, len(*in)) diff --git a/config/base/deploy.yml b/config/base/deploy.yml index e8dfbe2..845e05d 100644 --- a/config/base/deploy.yml +++ b/config/base/deploy.yml @@ -1,4 +1,9 @@ apiVersion: v1 +kind: Namespace +metadata: + name: template-operator +--- +apiVersion: v1 kind: ServiceAccount metadata: name: template-operator-manager @@ -116,7 +121,7 @@ spec: - --metrics-addr=0.0.0.0:8080 - --enable-leader-election - --sync-period=20s - image: flanksource/template-operator:v1 + image: flanksource/template-operator:dev name: manager resources: limits: diff --git a/config/crd/bases/templating.flanksource.com_rests.yaml b/config/crd/bases/templating.flanksource.com_rests.yaml index b4661c7..a2d171c 100644 --- a/config/crd/bases/templating.flanksource.com_rests.yaml +++ b/config/crd/bases/templating.flanksource.com_rests.yaml 
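Review bot: The image in config/base/deploy.yml moves from `flanksource/template-operator:v1` to the mutable `:dev` tag, which looks like a local kustomize edit committed along with the fix. The same change appears in config/deploy/operator.yml and as `newTag: dev` in config/manager/kustomization.yaml. A manifest that tracks a floating tag runs whatever is pushed under that tag next, with the operator's service-account permissions. Keep the released tag or pin by digest, for example `image: flanksource/template-operator:v1@sha256:<digest-placeholder>`.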
@@ -39,12 +39,61 @@ spec: auth: description: Auth may be used for http basic authentication properties: + namespace: + description: Namespace where secret / config map is present + type: string password: description: Password represents the HTTP Basic Auth password - type: string + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object username: description: Username represents the HTTP Basic Auth username - type: string + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object type: object headers: additionalProperties: diff --git a/config/deploy/crd.yml b/config/deploy/crd.yml index af22952..552e24c 100644 --- a/config/deploy/crd.yml +++ b/config/deploy/crd.yml 
@@ -37,12 +37,61 @@ spec: auth: description: Auth may be used for http basic authentication properties: + namespace: + description: Namespace where secret / config map is present + type: string password: description: Password represents the HTTP Basic Auth password - type: string + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object username: description: Username represents the HTTP Basic Auth username - type: string + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object type: object headers: additionalProperties: diff --git a/config/deploy/operator.yml b/config/deploy/operator.yml index 06556ac..690c9ce 100644 --- a/config/deploy/operator.yml +++ b/config/deploy/operator.yml @@ -1,3 +1,8 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: template-operator +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: 
@@ -37,12 +42,61 @@ spec: auth: description: Auth may be used for http basic authentication properties: + namespace: + description: Namespace where secret / config map is present + type: string password: description: Password represents the HTTP Basic Auth password - type: string + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object username: description: Username represents the HTTP Basic Auth username - type: string + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object type: object headers: additionalProperties: @@ -599,7 +653,7 @@ spec: - --metrics-addr=0.0.0.0:8080 - --enable-leader-election - --sync-period=20s - image: flanksource/template-operator:v1 + image: flanksource/template-operator:dev name: manager resources: limits: diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 8bf0d85..17e4bfa 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -5,4 +5,4 @@ kind: Kustomization images: - name: controller newName: flanksource/template-operator - newTag: v1 + newTag: dev diff --git a/examples/rest.yml b/examples/rest.yml index 47d5d85..b4ff38f 100644 --- a/examples/rest.yml +++ b/examples/rest.yml 
@@ -1,11 +1,27 @@ +apiVersion: v1 +kind: Secret +metadata: + name: "example-alertmanager-http-auth" + namespace: default +stringData: + username: foo + password: bar +--- apiVersion: templating.flanksource.com/v1 kind: REST metadata: name: "example-alertmanager" spec: auth: - username: foo - password: bar + username: + secretKeyRef: + name: example-alertmanager-http-auth + key: username + password: + secretKeyRef: + name: example-alertmanager-http-auth + key: password + namespace: default headers: Content-Type: application/json update: diff --git a/k8s/rest_manager.go b/k8s/rest_manager.go index 83d3e9a..62eb8ca 100644 --- a/k8s/rest_manager.go +++ b/k8s/rest_manager.go @@ -3,6 +3,7 @@ package k8s import ( "bytes" "context" + "encoding/base64" "encoding/json" "fmt" "io/ioutil" @@ -122,10 +123,15 @@ func (r *RESTManager) doRequest(ctx context.Context, rest *templatev1.REST, url, } } - fmt.Printf("Sending Request:\n") - fmt.Printf("URL: %s\n", newURL) - fmt.Printf("Method: %s\n", method) - fmt.Printf("Body:\n%s\n", newBody) + if rest.Spec.Auth != nil { + basicAuth, err := getRestAuthorization(r.Client, rest.Spec.Auth) + if err != nil { + return nil, errors.Wrap(err, "failed to generate basic auth") + } + req.Header.Set("Authorization", basicAuth) + } + + r.Log.V(3).Info("Sending Request:", "url", newURL, "method", method, "body", newBody) resp, err := client.Do(req) if err != nil { @@ -133,7 +139,7 @@ func (r *RESTManager) doRequest(ctx context.Context, rest *templatev1.REST, url, } defer resp.Body.Close() - fmt.Printf("Status code: %d\n", resp.StatusCode) + r.Log.V(3).Info("Response:", "statusCode", resp.StatusCode) bodyBytes, err := ioutil.ReadAll(resp.Body) if err != nil { 
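Review bot: In the `doRequest` hunk of k8s/rest_manager.go the `Authorization` header is set without checking the request URL's scheme, so a REST object whose url is `http://…` would send the resolved Secret as base64-encoded Basic credentials over an unencrypted connection. doRequest starts and ends outside this hunk, so an earlier scheme check may exist. If there is none, guard the block with `if req.URL.Scheme != "https" { return nil, errors.New("basic auth requires an https url") }`, or make plain-HTTP auth an explicit opt-in for in-cluster targets. The new `r.Log.V(3).Info(...)` call also writes the full `newBody` to the log at that verbosity, so it needs a comment or redaction if templated bodies can carry secret values.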
@@ -215,3 +221,17 @@ func sameGeneration(rest *templatev1.REST) bool { return gen == rest.ObjectMeta.Generation } + +func getRestAuthorization(client *kommons.Client, auth *templatev1.RESTAuth) (string, error) { + _, username, err := client.GetEnvValue(kommons.EnvVar{Name: "username", ValueFrom: &auth.Username}, auth.Namespace) + if err != nil { + return "", errors.Wrap(err, "failed to get username value") + } + _, password, err := client.GetEnvValue(kommons.EnvVar{Name: "password", ValueFrom: &auth.Password}, auth.Namespace) + if err != nil { + return "", errors.Wrap(err, "failed to get username value") + } + + basicAuth := "Basic " + base64.StdEncoding.EncodeToString([]byte(username+":"+password)) + return basicAuth, nil +} diff --git a/test/e2e.go b/test/e2e.go index afbb754..61b00f5 100644 --- a/test/e2e.go +++ b/test/e2e.go @@ -794,7 +794,6 @@ metadata: spec: backup: bucket: e2e-postgres-backups - restic: false cpu: "0.5" memory: 6Gi parameters:
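Review bot: The password branch of `getRestAuthorization` wraps its error with the username message, so a missing password key is reported as a username lookup failure; it should read `return "", errors.Wrap(err, "failed to get password value")`. The function also encodes whatever the lookups return, including a username that contains `:`, which Basic auth cannot represent because the first colon separates user from password. A guard such as `if strings.Contains(username, ":") { return "", errors.New("basic auth username must not contain ':'") }` before encoding would fail early rather than send a credential the server parses differently. A doc comment saying that both values are resolved in `auth.Namespace` through the operator's client would make the trust boundary visible to the next reader.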