Implementation of Chef External Secrets Provider (external-secrets#3127)
* Adding the details for chef provider secret store.

Issue: external-secrets#2905

This commit intends to add the chef provider structure to the existing list of external-secrets providers.
It defines the structure of the SecretStore and ClusterSecretStore for chef Provider.
The yaml resource will contain 3 important parts to identify and connect to the chef server to reconcile secrets. They are:
1. serverurl: This is the URL to the chef server.
2. username: The username to connect to the chef server.
3. auth: The password to connect to the chef server. It is a reference to an already existing kubernetes secret containing the password.

This commit also contains the auto generated CRDs using the `make generate` command.

Signed-off-by: Subroto Roy <[email protected]>

* Implementation for Chef ESO provided

Signed-off-by: vardhanreddy13 <[email protected]>

* - implemented Chef eso, added required methods
- added unit test cases
- added sample documentation
Issue: external-secrets#2905

Signed-off-by: Sourav Patnaik <[email protected]>

* Added Documentation for Authentication

Signed-off-by: Subroto Roy <[email protected]>

* added documentation for Chef eso
Issue: external-secrets#2905

Signed-off-by: Sourav Patnaik <[email protected]>

* Updated chef ESO documentation

Signed-off-by: vardhanreddy13 <[email protected]>

* updated ValidateStore method signature
Issue: external-secrets#2905

Signed-off-by: Sourav Patnaik <[email protected]>

* made changes in chef provider to satisfy 'make docs'

Issue: external-secrets#2905

Signed-off-by: Sourav Patnaik <[email protected]>

* - updated code as per review comment, make reviewable suggestions
Issue: external-secrets#2905

Signed-off-by: Sourav Patnaik <[email protected]>

* modified chef provider code as per review comment

Issue: external-secrets#2905

Signed-off-by: Sourav Patnaik <[email protected]>

---------

Signed-off-by: Subroto Roy <[email protected]>
Signed-off-by: vardhanreddy13 <[email protected]>
Signed-off-by: Sourav Patnaik <[email protected]>
Co-authored-by: Subroto Roy <[email protected]>
Co-authored-by: vardhanreddy13 <[email protected]>
3 people authored Feb 14, 2024
1 parent e726087 commit a012f48
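A manifest wired up to the fields this commit defines (serverUrl, username, auth.secretRef.privateKeySecretRef), given here as an added example and not taken from the pull request or the project's docs. The Secret name `chef-user-key`, the data key `private-key.pem`, the host `chef.example.internal`, the org `myorg` and the user `eso-reader` are placeholders; the PEM body is elided.

```yaml
# Added example, not part of the commit. All names, the URL and the user are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: chef-user-key
  namespace: default
type: Opaque
stringData:
  # PEM signing key the Chef server issued for user "eso-reader" (placeholder, body elided)
  private-key.pem: |
    -----BEGIN RSA PRIVATE KEY-----
    ...
    -----END RSA PRIVATE KEY-----
---
# Group and version follow the CRD file name (external-secrets.io) and the apis/ path (v1beta1)
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: chef-store
  namespace: default
spec:
  provider:
    chef:
      # The ServerURL doc comment asks for the org in the path and a trailing "/"
      serverUrl: https://chef.example.internal/organizations/myorg/
      # UserName is the user ID on the chef server; the key above must be that user's key
      username: eso-reader
      auth:
        secretRef:
          privateKeySecretRef:
            name: chef-user-key
            key: private-key.pem
            # no namespace here: for a namespaced SecretStore the field is documented as ignored
```

For a ClusterSecretStore the same `chef:` block applies, but `privateKeySecretRef.namespace` must then name the namespace holding `chef-user-key`, since the selector's description says the namespace is only honoured for cluster-scoped referents.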
Showing 16 changed files with 1,461 additions and 0 deletions.
38 changes: 38 additions & 0 deletions apis/externalsecrets/v1beta1/secretstore_chef_types.go
@@ -0,0 +1,38 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package v1beta1

import (
esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
)

// ChefAuth contains a secretRef for credentials.
type ChefAuth struct {
SecretRef ChefAuthSecretRef `json:"secretRef"`
}

// ChefAuthSecretRef holds secret references for chef server login credentials.
type ChefAuthSecretRef struct {
// SecretKey is the Signing Key in PEM format, used for authentication.
SecretKey esmeta.SecretKeySelector `json:"privateKeySecretRef"`
}

// ChefProvider configures a store to sync secrets using basic chef server connection credentials.
type ChefProvider struct {
// Auth defines the information necessary to authenticate against chef Server
Auth *ChefAuth `json:"auth"`
// UserName should be the user ID on the chef server
UserName string `json:"username"`
// ServerURL is the chef server URL used to connect to. If using orgs you should include your org in the url and terminate the url with a "/"
ServerURL string `json:"serverUrl"`
}
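Review bot: the field name, its JSON tag and the doc comments in this hunk disagree about what the credential is. `SecretKey esmeta.SecretKeySelector \`json:"privateKeySecretRef"\`` names the Go field differently from its serialized key, and `ChefAuthSecretRef holds secret references for chef server login credentials` together with `ChefProvider configures a store to sync secrets using basic chef server connection credentials` read as username/password, while the only credential is a PEM signing key. Rename the field to `PrivateKeySecretRef` and reword both comments (the CRD descriptions are generated from them), e.g. `// PrivateKeySecretRef references the Secret key holding the user's PEM signing key`. `ServerURL` is documented as needing the org in the path and a trailing "/" but carries no `+kubebuilder:validation` marker and no check is visible here; enforce the trailing slash and a parsable absolute URL in ValidateStore so a misconfigured store fails validation instead of signing requests to the wrong path.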
4 changes: 4 additions & 0 deletions apis/externalsecrets/v1beta1/secretstore_types.go
Expand Up @@ -141,6 +141,10 @@ type SecretStoreProvider struct {
// https://docs.delinea.com/online-help/products/devops-secrets-vault/current
// +optional
Delinea *DelineaProvider `json:"delinea,omitempty"`

// Chef configures this store to sync secrets with chef server
// +optional
Chef *ChefProvider `json:"chef,omitempty"`
}

type CAProviderType string
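Review bot: the new `Chef` entry has no documentation link, unlike the preceding `Delinea` entry whose comment block ends with `// https://docs.delinea.com/online-help/products/devops-secrets-vault/current`. Add a comment line pointing at the Chef server documentation above `// +optional` so the generated CRD description tells users which API the store talks to, matching the convention of the neighbouring providers.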
57 changes: 57 additions & 0 deletions apis/externalsecrets/v1beta1/zz_generated.deepcopy.go


50 changes: 50 additions & 0 deletions config/crds/bases/external-secrets.io_clustersecretstores.yaml
Expand Up @@ -2202,6 +2202,56 @@ spec:
required:
- vaultUrl
type: object
chef:
description: Chef configures this store to sync secrets with chef
server
properties:
auth:
description: Auth defines the information necessary to authenticate
against chef Server
properties:
secretRef:
description: ChefAuthSecretRef holds secret references
for chef server login credentials.
properties:
privateKeySecretRef:
description: SecretKey is the Signing Key in PEM format,
used for authentication.
properties:
key:
description: |-
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
defaulted, in others it may be required.
type: string
name:
description: The name of the Secret resource being
referred to.
type: string
namespace:
description: |-
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
to the namespace of the referent.
type: string
type: object
required:
- privateKeySecretRef
type: object
required:
- secretRef
type: object
serverUrl:
description: ServerURL is the chef server URL used to connect
to. If using orgs you should include your org in the url
and terminate the url with a "/"
type: string
username:
description: UserName should be the user ID on the chef server
type: string
required:
- auth
- serverUrl
- username
type: object
conjur:
description: Conjur configures this store to sync secrets using
conjur provider
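Review bot: under `privateKeySecretRef` neither `name` nor `key` appears in a `required` list (only `privateKeySecretRef` itself and `secretRef` are required), so a ClusterSecretStore with an empty selector, or one that omits `namespace` even though the description says the namespace is used for cluster-scoped referents, passes admission and only fails at reconcile time. Since the selector type is shared with other providers, the fix belongs in the provider's ValidateStore: reject an empty `name` or `key`, and for a ClusterSecretStore reject a missing `namespace`, so the misconfiguration surfaces as a store validation error rather than a failed sync.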
50 changes: 50 additions & 0 deletions config/crds/bases/external-secrets.io_secretstores.yaml
Expand Up @@ -2202,6 +2202,56 @@ spec:
required:
- vaultUrl
type: object
chef:
description: Chef configures this store to sync secrets with chef
server
properties:
auth:
description: Auth defines the information necessary to authenticate
against chef Server
properties:
secretRef:
description: ChefAuthSecretRef holds secret references
for chef server login credentials.
properties:
privateKeySecretRef:
description: SecretKey is the Signing Key in PEM format,
used for authentication.
properties:
key:
description: |-
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
defaulted, in others it may be required.
type: string
name:
description: The name of the Secret resource being
referred to.
type: string
namespace:
description: |-
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
to the namespace of the referent.
type: string
type: object
required:
- privateKeySecretRef
type: object
required:
- secretRef
type: object
serverUrl:
description: ServerURL is the chef server URL used to connect
to. If using orgs you should include your org in the url
and terminate the url with a "/"
type: string
username:
description: UserName should be the user ID on the chef server
type: string
required:
- auth
- serverUrl
- username
type: object
conjur:
description: Conjur configures this store to sync secrets using
conjur provider
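Review bot: `serverUrl` is a bare `type: string` with no `format` or `pattern`, although its description requires the org in the path and a trailing "/"; anything, including a relative path or a string with no scheme, validates. Add a pattern or `format: uri` constraint through a kubebuilder marker on ServerURL, or parse the value in ValidateStore and reject what does not parse as an absolute URL ending in "/", since the private key will be used to sign requests to whatever is configured here. Also, for this namespaced SecretStore the selector's `namespace` is documented as ignored; ValidateStore should reject it when set, so users are not led to believe a cross-namespace key reference is honoured.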
86 changes: 86 additions & 0 deletions deploy/crds/bundle.yaml
Expand Up @@ -2665,6 +2665,49 @@ spec:
required:
- vaultUrl
type: object
chef:
description: Chef configures this store to sync secrets with chef server
properties:
auth:
description: Auth defines the information necessary to authenticate against chef Server
properties:
secretRef:
description: ChefAuthSecretRef holds secret references for chef server login credentials.
properties:
privateKeySecretRef:
description: SecretKey is the Signing Key in PEM format, used for authentication.
properties:
key:
description: |-
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
defaulted, in others it may be required.
type: string
name:
description: The name of the Secret resource being referred to.
type: string
namespace:
description: |-
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
to the namespace of the referent.
type: string
type: object
required:
- privateKeySecretRef
type: object
required:
- secretRef
type: object
serverUrl:
description: ServerURL is the chef server URL used to connect to. If using orgs you should include your org in the url and terminate the url with a "/"
type: string
username:
description: UserName should be the user ID on the chef server
type: string
required:
- auth
- serverUrl
- username
type: object
conjur:
description: Conjur configures this store to sync secrets using conjur provider
properties:
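Review bot: the descriptions in this hunk (`ChefAuthSecretRef holds secret references for chef server login credentials.` and `SecretKey is the Signing Key in PEM format, used for authentication.`) are copied verbatim from the Go doc comments, and "login credentials" suggests a password while the field holds a PEM signing key. Because deploy/crds/bundle.yaml is generated, correct the wording in apis/externalsecrets/v1beta1/secretstore_chef_types.go and regenerate rather than editing this file, otherwise the next `make generate` reverts any hand fix.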
Expand Down Expand Up @@ -7639,6 +7682,49 @@ spec:
required:
- vaultUrl
type: object
chef:
description: Chef configures this store to sync secrets with chef server
properties:
auth:
description: Auth defines the information necessary to authenticate against chef Server
properties:
secretRef:
description: ChefAuthSecretRef holds secret references for chef server login credentials.
properties:
privateKeySecretRef:
description: SecretKey is the Signing Key in PEM format, used for authentication.
properties:
key:
description: |-
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
defaulted, in others it may be required.
type: string
name:
description: The name of the Secret resource being referred to.
type: string
namespace:
description: |-
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
to the namespace of the referent.
type: string
type: object
required:
- privateKeySecretRef
type: object
required:
- secretRef
type: object
serverUrl:
description: ServerURL is the chef server URL used to connect to. If using orgs you should include your org in the url and terminate the url with a "/"
type: string
username:
description: UserName should be the user ID on the chef server
type: string
required:
- auth
- serverUrl
- username
type: object
conjur:
description: Conjur configures this store to sync secrets using conjur provider
properties:
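Review bot: `required: [auth, serverUrl, username]` only guarantees the keys are present, so `serverUrl: ""` and `username: ""` still validate, and nothing in the schema states that the key referenced by `privateKeySecretRef` must be the one registered for `username`. Add `minLength: 1` to both strings (via `+kubebuilder:validation:MinLength=1` on the Go fields, then regenerate) and extend the `username` description to say the referenced PEM key must belong to that user, as the two are only meaningful together when signing requests.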