├── examples ├── providerconfig │ ├── .gitignore │ ├── secret.yaml.tmpl │ └── providerconfig.yaml └── generic │ └── secret.yaml ├── cluster └── images │ ├── provider-jet-vault │ ├── Dockerfile │ └── Makefile │ └── provider-jet-vault-controller │ ├── terraformrc.hcl │ ├── Makefile │ └── Dockerfile ├── .gitmodules ├── .gitignore ├── package ├── crossplane.yaml └── crds │ ├── vault.jet.crossplane.io_providerconfigusages.yaml │ ├── vault.jet.crossplane.io_providerconfigs.yaml │ └── generic.vault.jet.crossplane.io_secrets.yaml ├── OWNERS.md ├── config ├── generic │ └── config.go └── provider.go ├── hack ├── boilerplate.go.txt └── prepare.sh ├── internal ├── controller │ ├── doc.go │ ├── zz_setup.go │ ├── providerconfig │ │ └── config.go │ └── generic │ │ └── secret │ │ └── zz_controller.go └── clients │ └── vault.go ├── .github ├── workflows │ ├── tag.yml │ ├── backport.yml │ ├── promote.yml │ ├── commands.yml │ └── ci.yml ├── ISSUE_TEMPLATE │ ├── feature_request.md │ ├── new_resource_request.md │ └── bug_report.md ├── PULL_REQUEST_TEMPLATE.md └── stale.yml ├── apis ├── v1alpha1 │ ├── doc.go │ ├── zz_generated.pculist.go │ ├── zz_generated.pc.go │ ├── zz_generated.pcu.go │ ├── register.go │ ├── types.go │ └── zz_generated.deepcopy.go ├── generic │ └── v1alpha1 │ │ ├── zz_generated.managedlist.go │ │ ├── zz_groupversion_info.go │ │ ├── zz_generated.managed.go │ │ ├── zz_secret_terraformed.go │ │ ├── zz_secret_types.go │ │ └── zz_generated.deepcopy.go ├── zz_register.go └── generate.go ├── cmd ├── generator │ └── main.go └── provider │ └── main.go ├── README.md ├── go.mod ├── Makefile ├── .golangci.yml └── LICENSE /examples/providerconfig/.gitignore: -------------------------------------------------------------------------------- 1 | secret.yaml 2 | -------------------------------------------------------------------------------- /cluster/images/provider-jet-vault/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 
2 | 3 | COPY package.yaml . 4 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "build"] 2 | path = build 3 | url = https://github.com/upbound/build 4 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /.cache 2 | /.work 3 | /_output 4 | cover.out 5 | /vendor 6 | /.vendor-new 7 | .DS_Store 8 | 9 | # ignore IDE folders 10 | .vscode/ 11 | .idea/ 12 | -------------------------------------------------------------------------------- /package/crossplane.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: meta.pkg.crossplane.io/v1alpha1 2 | kind: Provider 3 | metadata: 4 | name: provider-jet-vault 5 | spec: 6 | controller: 7 | image: crossplane/provider-jet-vault-controller:VERSION -------------------------------------------------------------------------------- /cluster/images/provider-jet-vault-controller/terraformrc.hcl: -------------------------------------------------------------------------------- 1 | provider_installation { 2 | filesystem_mirror { 3 | path = "/terraform/provider-mirror" 4 | include = ["*/*"] 5 | } 6 | direct { 7 | exclude = ["*/*"] 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /examples/providerconfig/secret.yaml.tmpl: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: example-creds 5 | namespace: crossplane-system 6 | type: Opaque 7 | stringData: 8 | credentials: | 9 | { 10 | "address": "http://127.0.0.1:8200", 11 | "token": "your-token-here" 12 | } 13 | -------------------------------------------------------------------------------- /OWNERS.md: 
-------------------------------------------------------------------------------- 1 | ## Maintainers 2 | 3 | Please see the Crossplane 4 | [GOVERNANCE.md](https://github.com/crossplane/crossplane/blob/master/GOVERNANCE.md) for governance 5 | guidelines and responsibilities for the steering committee and maintainers. 6 | 7 | * Aaron Eaton ([maintainer1](https://github.com/AaronMe)) 8 | -------------------------------------------------------------------------------- /examples/providerconfig/providerconfig.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: vault.jet.crossplane.io/v1alpha1 2 | kind: ProviderConfig 3 | metadata: 4 | name: default 5 | spec: 6 | credentials: 7 | source: Secret 8 | secretRef: 9 | name: example-creds 10 | namespace: crossplane-system 11 | key: credentials 12 | -------------------------------------------------------------------------------- /examples/generic/secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: generic.vault.jet.crossplane.io/v1alpha1 3 | kind: Secret 4 | metadata: 5 | name: example 6 | spec: 7 | forProvider: 8 | path: "secret/foo" 9 | dataJsonSecretRef: 10 | key: data_json 11 | name: example-data 12 | namespace: default 13 | 14 | --- 15 | apiVersion: v1 16 | kind: Secret 17 | metadata: 18 | name: example-data 19 | namespace: default 20 | stringData: 21 | data_json: | 22 | { 23 | "foo": "bar", 24 | "pizza": "cheese" 25 | } 26 | type: Opaque -------------------------------------------------------------------------------- /config/generic/config.go: -------------------------------------------------------------------------------- 1 | package generic 2 | 3 | import "github.com/crossplane/terrajet/pkg/config" 4 | 5 | // Configure configures individual resources by adding custom ResourceConfigurators. 
6 | func Configure(p *config.Provider) { 7 | p.AddResourceConfigurator("vault_generic_secret", func(r *config.Resource) { 8 | 9 | // we need to override the default group that terrajet generated for 10 | // this resource, which would be "vault" 11 | r.ShortGroup = "generic" 12 | 13 | // we need to map data_json properly 14 | r.ExternalName = config.IdentifierFromProvider 15 | 16 | }) 17 | } 18 | -------------------------------------------------------------------------------- /hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /internal/controller/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controller 18 | -------------------------------------------------------------------------------- /.github/workflows/tag.yml: -------------------------------------------------------------------------------- 1 | name: Tag 2 | 3 | on: 4 | workflow_dispatch: 5 | inputs: 6 | version: 7 | description: 'Release version (e.g. v0.1.0)' 8 | required: true 9 | message: 10 | description: 'Tag message' 11 | required: true 12 | 13 | jobs: 14 | create-tag: 15 | runs-on: ubuntu-18.04 16 | 17 | steps: 18 | - name: Checkout 19 | uses: actions/checkout@v2 20 | 21 | - name: Create Tag 22 | uses: negz/create-tag@v1 23 | with: 24 | version: ${{ github.event.inputs.version }} 25 | message: ${{ github.event.inputs.message }} 26 | token: ${{ secrets.GITHUB_TOKEN }} -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature Request 3 | about: Help us make Vault Provider more useful 4 | labels: enhancement 5 | --- 6 | 13 | 14 | ### What problem are you facing? 15 | 20 | 21 | ### How could Vault Provider help solve your problem? 22 | 25 | -------------------------------------------------------------------------------- /apis/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1alpha1 contains the core resources of the vault jet provider. 18 | // +kubebuilder:object:generate=true 19 | // +groupName=vault.jet.crossplane.io 20 | // +versionName=v1alpha1 21 | package v1alpha1 22 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/new_resource_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: New Resource Request 3 | about: Help us know what resource you need is missing. 4 | labels: new-resource 5 | --- 6 | 13 | 14 | ### What resource do you need? 15 | 18 | 19 | 20 | ### What is your use case? 21 | 25 | 26 | ### Would you be willing to contribute it using [Terrajet](https://github.com/crossplane/terrajet)? 27 | 28 | -------------------------------------------------------------------------------- /apis/generic/v1alpha1/zz_generated.managedlist.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by angryjet. DO NOT EDIT. 17 | 18 | package v1alpha1 19 | 20 | import resource "github.com/crossplane/crossplane-runtime/pkg/resource" 21 | 22 | // GetItems of this SecretList. 23 | func (l *SecretList) GetItems() []resource.Managed { 24 | items := make([]resource.Managed, len(l.Items)) 25 | for i := range l.Items { 26 | items[i] = &l.Items[i] 27 | } 28 | return items 29 | } 30 | -------------------------------------------------------------------------------- /apis/v1alpha1/zz_generated.pculist.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by angryjet. DO NOT EDIT. 17 | 18 | package v1alpha1 19 | 20 | import resource "github.com/crossplane/crossplane-runtime/pkg/resource" 21 | 22 | // GetItems of this ProviderConfigUsageList. 
23 | func (p *ProviderConfigUsageList) GetItems() []resource.ProviderConfigUsage { 24 | items := make([]resource.ProviderConfigUsage, len(p.Items)) 25 | for i := range p.Items { 26 | items[i] = &p.Items[i] 27 | } 28 | return items 29 | } 30 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 8 | 9 | ### Description of your changes 10 | 11 | 20 | Fixes # 21 | 22 | I have: 23 | 24 | - [ ] Read and followed Crossplane's [contribution process]. 25 | - [ ] Run `make reviewable test` to ensure this PR is ready for review. 26 | 27 | ### How has this code been tested 28 | 29 | 34 | 35 | [contribution process]: https://git.io/fj2m9 36 | -------------------------------------------------------------------------------- /cmd/generator/main.go: -------------------------------------------------------------------------------- 1 | //go:build generate 2 | 3 | /* 4 | Copyright 2021 The Crossplane Authors. 5 | 6 | Licensed under the Apache License, Version 2.0 (the "License"); 7 | you may not use this file except in compliance with the License. 8 | You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, software 13 | distributed under the License is distributed on an "AS IS" BASIS, 14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | See the License for the specific language governing permissions and 16 | limitations under the License. 
17 | */ 18 | 19 | package main 20 | 21 | import ( 22 | "fmt" 23 | "os" 24 | "path/filepath" 25 | 26 | "github.com/crossplane/terrajet/pkg/pipeline" 27 | 28 | "github.com/crossplane-contrib/provider-jet-vault/config" 29 | ) 30 | 31 | func main() { 32 | if len(os.Args) < 2 || os.Args[1] == "" { 33 | panic("root directory is required to be given as argument") 34 | } 35 | absRootDir, err := filepath.Abs(os.Args[1]) 36 | if err != nil { 37 | panic(fmt.Sprintf("cannot calculate the absolute path of %s", os.Args[1])) 38 | } 39 | pipeline.Run(config.GetProvider(), absRootDir) 40 | } 41 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug Report 3 | about: Help us diagnose and fix bugs in Vault Provider. 4 | labels: bug 5 | --- 6 | 13 | 14 | ### What happened? 15 | 19 | 20 | 21 | ### How can we reproduce it? 22 | 27 | 28 | ### What environment did it happen in? 29 | Crossplane version: 30 | Provider version: 31 | 32 | 42 | -------------------------------------------------------------------------------- /apis/v1alpha1/zz_generated.pc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by angryjet. DO NOT EDIT. 
17 | 18 | package v1alpha1 19 | 20 | import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" 21 | 22 | // GetCondition of this ProviderConfig. 23 | func (p *ProviderConfig) GetCondition(ct xpv1.ConditionType) xpv1.Condition { 24 | return p.Status.GetCondition(ct) 25 | } 26 | 27 | // GetUsers of this ProviderConfig. 28 | func (p *ProviderConfig) GetUsers() int64 { 29 | return p.Status.Users 30 | } 31 | 32 | // SetConditions of this ProviderConfig. 33 | func (p *ProviderConfig) SetConditions(c ...xpv1.Condition) { 34 | p.Status.SetConditions(c...) 35 | } 36 | 37 | // SetUsers of this ProviderConfig. 38 | func (p *ProviderConfig) SetUsers(i int64) { 39 | p.Status.Users = i 40 | } 41 | -------------------------------------------------------------------------------- /internal/controller/zz_setup.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package controller 18 | 19 | import ( 20 | ctrl "sigs.k8s.io/controller-runtime" 21 | 22 | "github.com/crossplane/terrajet/pkg/controller" 23 | 24 | secret "github.com/crossplane-contrib/provider-jet-vault/internal/controller/generic/secret" 25 | providerconfig "github.com/crossplane-contrib/provider-jet-vault/internal/controller/providerconfig" 26 | ) 27 | 28 | // Setup creates all controllers with the supplied logger and adds them to 29 | // the supplied manager. 30 | func Setup(mgr ctrl.Manager, o controller.Options) error { 31 | for _, setup := range []func(ctrl.Manager, controller.Options) error{ 32 | secret.Setup, 33 | providerconfig.Setup, 34 | } { 35 | if err := setup(mgr, o); err != nil { 36 | return err 37 | } 38 | } 39 | return nil 40 | } 41 | -------------------------------------------------------------------------------- /cluster/images/provider-jet-vault/Makefile: -------------------------------------------------------------------------------- 1 | # ==================================================================================== 2 | # Setup Project 3 | 4 | include ../../../build/makelib/common.mk 5 | 6 | # ==================================================================================== 7 | # Options 8 | 9 | include ../../../build/makelib/imagelight.mk 10 | 11 | # ==================================================================================== 12 | # Targets 13 | 14 | img.build: 15 | @$(INFO) docker build $(IMAGE) 16 | @$(MAKE) BUILD_ARGS="--load" img.build.shared 17 | @$(OK) docker build $(IMAGE) 18 | 19 | img.publish: 20 | @$(INFO) docker publish $(IMAGE) 21 | @$(MAKE) BUILD_ARGS="--push" img.build.shared 22 | @$(OK) docker publish $(IMAGE) 23 | 24 | img.build.shared: 25 | @cp Dockerfile $(IMAGE_TEMP_DIR) || $(FAIL) 26 | @cp -R ../../../package $(IMAGE_TEMP_DIR) || $(FAIL) 27 | @cd $(IMAGE_TEMP_DIR) && $(SED_CMD) 's|VERSION|$(VERSION)|g' package/crossplane.yaml || $(FAIL) 28 | @cd $(IMAGE_TEMP_DIR) && find package -type 
f -name '*.yaml' -exec cat {} >> 'package.yaml' \; -exec printf '\n---\n' \; || $(FAIL) 29 | @docker buildx build $(BUILD_ARGS) \ 30 | --platform $(IMAGE_PLATFORMS) \ 31 | -t $(IMAGE) \ 32 | $(IMAGE_TEMP_DIR) || $(FAIL) 33 | 34 | img.promote: 35 | @$(INFO) docker promote $(FROM_IMAGE) to $(TO_IMAGE) 36 | @docker buildx imagetools create -t $(TO_IMAGE) $(FROM_IMAGE) 37 | @$(OK) docker promote $(FROM_IMAGE) to $(TO_IMAGE) -------------------------------------------------------------------------------- /.github/stale.yml: -------------------------------------------------------------------------------- 1 | # Configuration for probot-stale - https://github.com/probot/stale 2 | 3 | # Number of days of inactivity before an Issue or Pull Request becomes stale 4 | daysUntilStale: 90 5 | 6 | # Number of days of inactivity before a stale Issue or Pull Request is closed. 7 | # Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. 8 | daysUntilClose: 7 9 | 10 | # Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable 11 | exemptLabels: 12 | - security 13 | 14 | # Set to true to ignore issues in a project (defaults to false) 15 | exemptProjects: false 16 | 17 | # Set to true to ignore issues in a milestone (defaults to false) 18 | exemptMilestones: false 19 | 20 | # Label to use when marking as stale 21 | staleLabel: wontfix 22 | 23 | # Comment to post when marking as stale. Set to `false` to disable 24 | markComment: > 25 | This issue has been automatically marked as stale because it has not had 26 | recent activity. It will be closed if no further activity occurs. Thank you 27 | for your contributions. 28 | 29 | # Comment to post when closing a stale Issue or Pull Request. 30 | closeComment: > 31 | This issue has been automatically closed due to inactivity. Please re-open 32 | if this still requires investigation. 33 | 34 | # Limit the number of actions per hour, from 1-30. 
Default is 30 35 | limitPerRun: 30 36 | 37 | # Limit to only `issues` or `pulls` 38 | only: issues 39 | -------------------------------------------------------------------------------- /apis/v1alpha1/zz_generated.pcu.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by angryjet. DO NOT EDIT. 17 | 18 | package v1alpha1 19 | 20 | import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" 21 | 22 | // GetProviderConfigReference of this ProviderConfigUsage. 23 | func (p *ProviderConfigUsage) GetProviderConfigReference() xpv1.Reference { 24 | return p.ProviderConfigReference 25 | } 26 | 27 | // GetResourceReference of this ProviderConfigUsage. 28 | func (p *ProviderConfigUsage) GetResourceReference() xpv1.TypedReference { 29 | return p.ResourceReference 30 | } 31 | 32 | // SetProviderConfigReference of this ProviderConfigUsage. 33 | func (p *ProviderConfigUsage) SetProviderConfigReference(r xpv1.Reference) { 34 | p.ProviderConfigReference = r 35 | } 36 | 37 | // SetResourceReference of this ProviderConfigUsage. 
38 | func (p *ProviderConfigUsage) SetResourceReference(r xpv1.TypedReference) { 39 | p.ResourceReference = r 40 | } 41 | -------------------------------------------------------------------------------- /.github/workflows/backport.yml: -------------------------------------------------------------------------------- 1 | name: Backport 2 | 3 | on: 4 | # NOTE(negz): This is a risky target, but we run this action only when and if 5 | # a PR is closed, then filter down to specifically merged PRs. We also don't 6 | # invoke any scripts, etc from within the repo. I believe the fact that we'll 7 | # be able to review PRs before this runs makes this fairly safe. 8 | # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ 9 | pull_request_target: 10 | types: [closed] 11 | # See also commands.yml for the /backport triggered variant of this workflow. 12 | 13 | jobs: 14 | # NOTE(negz): I tested many backport GitHub actions before landing on this 15 | # one. Many do not support merge commits, or do not support pull requests with 16 | # more than one commit. This one does. It also handily links backport PRs with 17 | # new PRs, and provides commentary and instructions when it can't backport. 18 | # The main gotchas with this action are that it _only_ supports merge commits, 19 | # and that PRs _must_ be labelled before they're merged to trigger a backport. 
20 | open-pr: 21 | runs-on: ubuntu-18.04 22 | if: github.event.pull_request.merged 23 | steps: 24 | - name: Checkout 25 | uses: actions/checkout@v2 26 | with: 27 | fetch-depth: 0 28 | 29 | - name: Open Backport PR 30 | uses: zeebe-io/backport-action@v0.0.4 31 | with: 32 | github_token: ${{ secrets.GITHUB_TOKEN }} 33 | github_workspace: ${{ github.workspace }} 34 | version: v0.0.4 35 | -------------------------------------------------------------------------------- /apis/zz_register.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by terrajet. DO NOT EDIT. 18 | 19 | // Package apis contains Kubernetes API for the provider. 
20 | package apis 21 | 22 | import ( 23 | "k8s.io/apimachinery/pkg/runtime" 24 | 25 | v1alpha1 "github.com/crossplane-contrib/provider-jet-vault/apis/generic/v1alpha1" 26 | v1alpha1apis "github.com/crossplane-contrib/provider-jet-vault/apis/v1alpha1" 27 | ) 28 | 29 | func init() { 30 | // Register the types with the Scheme so the components can map objects to GroupVersionKinds and back 31 | AddToSchemes = append(AddToSchemes, 32 | v1alpha1.SchemeBuilder.AddToScheme, 33 | v1alpha1apis.SchemeBuilder.AddToScheme, 34 | ) 35 | } 36 | 37 | // AddToSchemes may be used to add all resources defined in the project to a Scheme 38 | var AddToSchemes runtime.SchemeBuilder 39 | 40 | // AddToScheme adds all Resources to the Scheme 41 | func AddToScheme(s *runtime.Scheme) error { 42 | return AddToSchemes.AddToScheme(s) 43 | } 44 | -------------------------------------------------------------------------------- /apis/generic/v1alpha1/zz_groupversion_info.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by terrajet. DO NOT EDIT. 
18 | 19 | // +kubebuilder:object:generate=true 20 | // +groupName=generic.vault.jet.crossplane.io 21 | // +versionName=v1alpha1 22 | package v1alpha1 23 | 24 | import ( 25 | "k8s.io/apimachinery/pkg/runtime/schema" 26 | "sigs.k8s.io/controller-runtime/pkg/scheme" 27 | ) 28 | 29 | // Package type metadata. 30 | const ( 31 | CRDGroup = "generic.vault.jet.crossplane.io" 32 | CRDVersion = "v1alpha1" 33 | ) 34 | 35 | var ( 36 | // CRDGroupVersion is the API Group Version used to register the objects 37 | CRDGroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion} 38 | 39 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 40 | SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion} 41 | 42 | // AddToScheme adds the types in this group-version to the given scheme. 43 | AddToScheme = SchemeBuilder.AddToScheme 44 | ) 45 | -------------------------------------------------------------------------------- /.github/workflows/promote.yml: -------------------------------------------------------------------------------- 1 | name: Promote 2 | 3 | on: 4 | workflow_dispatch: 5 | inputs: 6 | version: 7 | description: 'Release version (e.g. v0.1.0)' 8 | required: true 9 | channel: 10 | description: 'Release channel' 11 | required: true 12 | default: 'alpha' 13 | 14 | env: 15 | # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run 16 | # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether 17 | # credentials have been provided before trying to run steps that need them. 
18 | DOCKER_USR: ${{ secrets.DOCKER_USR }} 19 | AWS_USR: ${{ secrets.AWS_USR }} 20 | 21 | jobs: 22 | promote-artifacts: 23 | runs-on: ubuntu-18.04 24 | 25 | steps: 26 | - name: Checkout 27 | uses: actions/checkout@v2 28 | with: 29 | submodules: true 30 | 31 | - name: Fetch History 32 | run: git fetch --prune --unshallow 33 | 34 | - name: Login to Docker 35 | uses: docker/login-action@v1 36 | if: env.DOCKER_USR != '' 37 | with: 38 | username: ${{ secrets.DOCKER_USR }} 39 | password: ${{ secrets.DOCKER_PSW }} 40 | 41 | - name: Promote Artifacts in S3 and Docker Hub 42 | if: env.AWS_USR != '' && env.DOCKER_USR != '' 43 | run: make -j2 promote BRANCH_NAME=${GITHUB_REF##*/} 44 | env: 45 | VERSION: ${{ github.event.inputs.version }} 46 | CHANNEL: ${{ github.event.inputs.channel }} 47 | AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }} 48 | AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }} 49 | -------------------------------------------------------------------------------- /cluster/images/provider-jet-vault-controller/Makefile: -------------------------------------------------------------------------------- 1 | # ==================================================================================== 2 | # Setup Project 3 | 4 | include ../../../build/makelib/common.mk 5 | 6 | # ==================================================================================== 7 | # Options 8 | 9 | include ../../../build/makelib/imagelight.mk 10 | 11 | # ==================================================================================== 12 | # Targets 13 | 14 | img.build: 15 | @$(INFO) docker build $(IMAGE) 16 | @$(MAKE) BUILD_ARGS="--load" img.build.shared 17 | @$(OK) docker build $(IMAGE) 18 | 19 | img.publish: 20 | @$(INFO) docker publish $(IMAGE) 21 | @$(MAKE) BUILD_ARGS="--push" img.build.shared 22 | @$(OK) docker publish $(IMAGE) 23 | 24 | img.build.shared: 25 | @cp Dockerfile $(IMAGE_TEMP_DIR) || $(FAIL) 26 | @cp terraformrc.hcl $(IMAGE_TEMP_DIR) || $(FAIL) 27 | @cp -r $(OUTPUT_DIR)/bin/ 
$(IMAGE_TEMP_DIR)/bin || $(FAIL) 28 | @cd $(IMAGE_TEMP_DIR) && $(SED_CMD) 's|BASEIMAGE|$(OSBASEIMAGE)|g' Dockerfile || $(FAIL) 29 | @docker buildx build $(BUILD_ARGS) \ 30 | --platform $(IMAGE_PLATFORMS) \ 31 | --build-arg TINI_VERSION=$(TINI_VERSION) \ 32 | --build-arg TERRAFORM_VERSION=$(TERRAFORM_VERSION) \ 33 | --build-arg TERRAFORM_PROVIDER_SOURCE=$(TERRAFORM_PROVIDER_SOURCE) \ 34 | --build-arg TERRAFORM_PROVIDER_VERSION=$(TERRAFORM_PROVIDER_VERSION) \ 35 | --build-arg TERRAFORM_PROVIDER_DOWNLOAD_NAME=$(TERRAFORM_PROVIDER_DOWNLOAD_NAME) \ 36 | --build-arg TERRAFORM_PROVIDER_DOWNLOAD_URL_PREFIX=$(TERRAFORM_PROVIDER_DOWNLOAD_URL_PREFIX) \ 37 | -t $(IMAGE) \ 38 | $(IMAGE_TEMP_DIR) || $(FAIL) 39 | 40 | img.promote: 41 | @$(INFO) docker promote $(FROM_IMAGE) to $(TO_IMAGE) 42 | @docker buildx imagetools create -t $(TO_IMAGE) $(FROM_IMAGE) 43 | @$(OK) docker promote $(FROM_IMAGE) to $(TO_IMAGE) -------------------------------------------------------------------------------- /config/provider.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package config 18 | 19 | import ( 20 | // Note(turkenh): we are importing this to embed provider schema document 21 | _ "embed" 22 | 23 | tjconfig "github.com/crossplane/terrajet/pkg/config" 24 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" 25 | 26 | "github.com/crossplane-contrib/provider-jet-vault/config/generic" 27 | ) 28 | 29 | const ( 30 | resourcePrefix = "vault" 31 | modulePath = "github.com/crossplane-contrib/provider-jet-vault" 32 | ) 33 | 34 | //go:embed schema.json 35 | var providerSchema string 36 | 37 | // GetProvider returns provider configuration 38 | func GetProvider() *tjconfig.Provider { 39 | defaultResourceFn := func(name string, terraformResource *schema.Resource, opts ...tjconfig.ResourceOption) *tjconfig.Resource { 40 | r := tjconfig.DefaultResource(name, terraformResource) 41 | // Add any provider-specific defaulting here. For example: 42 | // r.ExternalName = tjconfig.IdentifierFromProvider 43 | return r 44 | } 45 | 46 | pc := tjconfig.NewProviderWithSchema([]byte(providerSchema), resourcePrefix, modulePath, 47 | tjconfig.WithDefaultResourceFn(defaultResourceFn), 48 | tjconfig.WithIncludeList([]string{ 49 | "vault_generic_secret$", 50 | })) 51 | 52 | for _, configure := range []func(provider *tjconfig.Provider){ 53 | generic.Configure, 54 | } { 55 | configure(pc) 56 | } 57 | 58 | pc.ConfigureResources() 59 | return pc 60 | } 61 | -------------------------------------------------------------------------------- /internal/controller/providerconfig/config.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package providerconfig 18 | 19 | import ( 20 | ctrl "sigs.k8s.io/controller-runtime" 21 | "sigs.k8s.io/controller-runtime/pkg/source" 22 | 23 | "github.com/crossplane/crossplane-runtime/pkg/event" 24 | "github.com/crossplane/crossplane-runtime/pkg/reconciler/providerconfig" 25 | "github.com/crossplane/crossplane-runtime/pkg/resource" 26 | "github.com/crossplane/terrajet/pkg/controller" 27 | 28 | "github.com/crossplane-contrib/provider-jet-vault/apis/v1alpha1" 29 | ) 30 | 31 | // Setup adds a controller that reconciles ProviderConfigs by accounting for 32 | // their current usage. 33 | func Setup(mgr ctrl.Manager, o controller.Options) error { 34 | name := providerconfig.ControllerName(v1alpha1.ProviderConfigGroupKind) 35 | 36 | of := resource.ProviderConfigKinds{ 37 | Config: v1alpha1.ProviderConfigGroupVersionKind, 38 | UsageList: v1alpha1.ProviderConfigUsageListGroupVersionKind, 39 | } 40 | 41 | return ctrl.NewControllerManagedBy(mgr). 42 | Named(name). 43 | WithOptions(o.ForControllerRuntime()). 44 | For(&v1alpha1.ProviderConfig{}). 45 | Watches(&source.Kind{Type: &v1alpha1.ProviderConfigUsage{}}, &resource.EnqueueRequestForProviderConfig{}). 
46 | Complete(providerconfig.NewReconciler(mgr, of, 47 | providerconfig.WithLogger(o.Logger.WithValues("controller", name)), 48 | providerconfig.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))))) 49 | } 50 | -------------------------------------------------------------------------------- /apis/generate.go: -------------------------------------------------------------------------------- 1 | //go:build generate 2 | // +build generate 3 | 4 | /* 5 | Copyright 2021 The Crossplane Authors. 6 | 7 | Licensed under the Apache License, Version 2.0 (the "License"); 8 | you may not use this file except in compliance with the License. 9 | You may obtain a copy of the License at 10 | 11 | http://www.apache.org/licenses/LICENSE-2.0 12 | 13 | Unless required by applicable law or agreed to in writing, software 14 | distributed under the License is distributed on an "AS IS" BASIS, 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | See the License for the specific language governing permissions and 17 | limitations under the License. 18 | */ 19 | 20 | // NOTE: See the below link for details on what is happening here. 21 | // https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module 22 | 23 | // Remove existing CRDs 24 | //go:generate rm -rf ../package/crds 25 | 26 | // Remove generated files 27 | //go:generate bash -c "find . -iname 'zz_*' -delete" 28 | //go:generate bash -c "find . -type d -empty -delete" 29 | //go:generate bash -c "find ../internal/controller -iname 'zz_*' -delete" 30 | //go:generate bash -c "find ../internal/controller -type d -empty -delete" 31 | 32 | // Run Terrajet generator 33 | //go:generate go run -tags generate ../cmd/generator/main.go .. "${TERRAFORM_PROVIDER_SOURCE}" 34 | 35 | // Generate deepcopy methodsets and CRD manifests 36 | //go:generate go run -tags generate sigs.k8s.io/controller-tools/cmd/controller-gen object:headerFile=../hack/boilerplate.go.txt paths=./... 
crd:allowDangerousTypes=true,crdVersions=v1 output:artifacts:config=../package/crds 37 | 38 | // Generate crossplane-runtime methodsets (resource.Claim, etc) 39 | //go:generate go run -tags generate github.com/crossplane/crossplane-tools/cmd/angryjet generate-methodsets --header-file=../hack/boilerplate.go.txt ./... 40 | 41 | package apis 42 | 43 | import ( 44 | _ "sigs.k8s.io/controller-tools/cmd/controller-gen" //nolint:typecheck 45 | 46 | _ "github.com/crossplane/crossplane-tools/cmd/angryjet" //nolint:typecheck 47 | ) 48 | -------------------------------------------------------------------------------- /cluster/images/provider-jet-vault-controller/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.13 2 | RUN apk --no-cache add ca-certificates bash 3 | 4 | ARG TARGETOS 5 | ARG TARGETARCH 6 | ARG TINI_VERSION 7 | ENV USER_ID=1001 8 | 9 | # Setup Terraform environment. NOTE(review): the two archives fetched with ADD below are unpacked without any checksum or signature verification; verifying them against the published SHA256SUMS (or pinning a digest) before unzip would make the build reproducible and tamper-evident. 10 | 11 | ## Provider-dependent configuration 12 | ARG TERRAFORM_VERSION 13 | ARG TERRAFORM_PROVIDER_SOURCE 14 | ARG TERRAFORM_PROVIDER_VERSION 15 | ARG TERRAFORM_PROVIDER_DOWNLOAD_NAME 16 | ARG TERRAFORM_PROVIDER_DOWNLOAD_URL_PREFIX 17 | ## End of - Provider-dependent configuration 18 | 19 | ENV PLUGIN_DIR /terraform/provider-mirror/registry.terraform.io/${TERRAFORM_PROVIDER_SOURCE}/${TERRAFORM_PROVIDER_VERSION}/linux_${TARGETARCH} 20 | ENV TF_CLI_CONFIG_FILE /terraform/.terraformrc 21 | ENV TF_FORK 0 22 | 23 | RUN mkdir -p ${PLUGIN_DIR} 24 | 25 | ADD https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${TARGETARCH}.zip /tmp 26 | ADD ${TERRAFORM_PROVIDER_DOWNLOAD_URL_PREFIX}/${TERRAFORM_PROVIDER_DOWNLOAD_NAME}_${TERRAFORM_PROVIDER_VERSION}_linux_${TARGETARCH}.zip /tmp 27 | 28 | ADD terraformrc.hcl ${TF_CLI_CONFIG_FILE} 29 | 30 | RUN unzip /tmp/terraform_${TERRAFORM_VERSION}_linux_${TARGETARCH}.zip -d /usr/local/bin \ 31 | && chmod +x /usr/local/bin/terraform \ 32 | && rm 
/tmp/terraform_${TERRAFORM_VERSION}_linux_${TARGETARCH}.zip \ 33 | && unzip /tmp/${TERRAFORM_PROVIDER_DOWNLOAD_NAME}_${TERRAFORM_PROVIDER_VERSION}_linux_${TARGETARCH}.zip -d ${PLUGIN_DIR} \ 34 | && chmod +x ${PLUGIN_DIR}/* \ 35 | && rm /tmp/${TERRAFORM_PROVIDER_DOWNLOAD_NAME}_${TERRAFORM_PROVIDER_VERSION}_linux_${TARGETARCH}.zip \ 36 | && chown -R ${USER_ID}:${USER_ID} /terraform 37 | # End of - Setup Terraform environment 38 | 39 | ADD bin/$TARGETOS\_$TARGETARCH/provider /usr/local/bin/crossplane-provider 40 | 41 | # Provider controller needs these environment variable at runtime 42 | ENV TERRAFORM_VERSION ${TERRAFORM_VERSION} 43 | ENV TERRAFORM_PROVIDER_SOURCE ${TERRAFORM_PROVIDER_SOURCE} 44 | ENV TERRAFORM_PROVIDER_VERSION ${TERRAFORM_PROVIDER_VERSION} 45 | 46 | USER ${USER_ID} 47 | EXPOSE 8080 48 | 49 | ENTRYPOINT ["crossplane-provider"] 50 | -------------------------------------------------------------------------------- /hack/prepare.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2021 The Crossplane Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Please set ProviderNameLower & ProviderNameUpper environment variables before running this script. 
18 | # See: https://github.com/crossplane/terrajet/blob/main/docs/generating-a-provider.md 19 | set -euo pipefail 20 | 21 | REPLACE_FILES='./* ./.github :!build/** :!go.* :!hack/prepare.sh' 22 | # shellcheck disable=SC2086 23 | git grep -l 'template' -- ${REPLACE_FILES} | xargs sed -i.bak "s/template/${ProviderNameLower}/g" 24 | # shellcheck disable=SC2086 25 | git grep -l 'Template' -- ${REPLACE_FILES} | xargs sed -i.bak "s/Template/${ProviderNameUpper}/g" 26 | # We need to be careful while replacing the "template" keyword in go.mod, as a blanket replacement could 27 | # tamper with imported packages listed under the require section. 28 | sed -i.bak "s/provider-jet-template/provider-jet-${ProviderNameLower}/g" go.mod 29 | 30 | # Clean up the .bak files created by sed. Note that `git clean -fd` removes every untracked file and directory in the tree, not only the .bak files, so run this script from a clean checkout. 31 | git clean -fd 32 | 33 | git mv "internal/clients/template.go" "internal/clients/${ProviderNameLower}.go" 34 | git mv "cluster/images/provider-jet-template" "cluster/images/provider-jet-${ProviderNameLower}" 35 | git mv "cluster/images/provider-jet-template-controller" "cluster/images/provider-jet-${ProviderNameLower}-controller" 36 | 37 | # We need to remove this api folder; otherwise the first `make generate` fails with 38 | # the following error, probably due to some optimizations in go generate with v1.17: 39 | # generate: open /Users/hasanturken/Workspace/crossplane-contrib/provider-jet-template/apis/null/v1alpha1/zz_generated.deepcopy.go: no such file or directory 40 | rm -rf apis/null -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Terrajet Vault Provider 2 | 3 | `provider-jet-vault` is a [Crossplane](https://crossplane.io/) provider that 4 | is built using [Terrajet](https://github.com/crossplane/terrajet) code 5 | generation tools and exposes XRM-conformant managed resources for the 6 | Vault API. 
7 | 8 | ## Getting Started 9 | 10 | Install the provider by using the following command after changing the image tag 11 | to the [latest release](https://github.com/crossplane-contrib/provider-jet-vault/releases): 12 | ``` 13 | kubectl crossplane install provider crossplane/provider-jet-vault:v0.1.0 14 | ``` 15 | 16 | You can see the API reference [here](https://doc.crds.dev/github.com/crossplane-contrib/provider-jet-vault). 17 | 18 | ## Developing 19 | 20 | Run code-generation pipeline: 21 | ```console 22 | go run cmd/generator/main.go 23 | ``` 24 | 25 | Run against a Kubernetes cluster: 26 | 27 | ```console 28 | make run 29 | ``` 30 | 31 | Build, push, and install: 32 | 33 | ```console 34 | make all 35 | ``` 36 | 37 | Build image: 38 | 39 | ```console 40 | make image 41 | ``` 42 | 43 | Push image: 44 | 45 | ```console 46 | make push 47 | ``` 48 | 49 | Build binary: 50 | 51 | ```console 52 | make build 53 | ``` 54 | 55 | ## Report a Bug 56 | 57 | For filing bugs, suggesting improvements, or requesting new features, please 58 | open an [issue](https://github.com/crossplane-contrib/provider-jet-vault/issues). 59 | 60 | ## Contact 61 | 62 | Please use the following to reach members of the community: 63 | 64 | * Slack: Join our [slack channel](https://slack.crossplane.io) 65 | * Forums: 66 | [crossplane-dev](https://groups.google.com/forum/#!forum/crossplane-dev) 67 | * Twitter: [@crossplane_io](https://twitter.com/crossplane_io) 68 | * Email: [info@crossplane.io](mailto:info@crossplane.io) 69 | 70 | ## Governance and Owners 71 | 72 | provider-jet-vault is run according to the same 73 | [Governance](https://github.com/crossplane/crossplane/blob/master/GOVERNANCE.md) 74 | and [Ownership](https://github.com/crossplane/crossplane/blob/master/OWNERS.md) 75 | structure as the core Crossplane project. 
76 | 77 | ## Code of Conduct 78 | 79 | provider-jet-vault adheres to the same [Code of 80 | Conduct](https://github.com/crossplane/crossplane/blob/master/CODE_OF_CONDUCT.md) 81 | as the core Crossplane project. 82 | 83 | ## Licensing 84 | 85 | provider-jet-vault is under the Apache 2.0 license. 86 | -------------------------------------------------------------------------------- /internal/controller/generic/secret/zz_controller.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by terrajet. DO NOT EDIT. 18 | 19 | package secret 20 | 21 | import ( 22 | "time" 23 | 24 | "github.com/crossplane/crossplane-runtime/pkg/event" 25 | "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" 26 | "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" 27 | xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" 28 | tjcontroller "github.com/crossplane/terrajet/pkg/controller" 29 | "github.com/crossplane/terrajet/pkg/terraform" 30 | ctrl "sigs.k8s.io/controller-runtime" 31 | 32 | v1alpha1 "github.com/crossplane-contrib/provider-jet-vault/apis/generic/v1alpha1" 33 | ) 34 | 35 | // Setup adds a controller that reconciles Secret managed resources. 
36 | func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { 37 | name := managed.ControllerName(v1alpha1.Secret_GroupVersionKind.String()) 38 | var initializers managed.InitializerChain 39 | r := managed.NewReconciler(mgr, 40 | xpresource.ManagedKind(v1alpha1.Secret_GroupVersionKind), 41 | managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["vault_generic_secret"])), 42 | managed.WithLogger(o.Logger.WithValues("controller", name)), 43 | managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), 44 | managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), 45 | managed.WithTimeout(3*time.Minute), 46 | managed.WithInitializers(initializers), 47 | ) 48 | 49 | return ctrl.NewControllerManagedBy(mgr). 50 | Named(name). 51 | WithOptions(o.ForControllerRuntime()). 52 | For(&v1alpha1.Secret{}). 53 | Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) 54 | } 55 | -------------------------------------------------------------------------------- /apis/generic/v1alpha1/zz_generated.managed.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by angryjet. DO NOT EDIT. 
17 | 18 | package v1alpha1 19 | 20 | import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" 21 | 22 | // GetCondition of this Secret. 23 | func (mg *Secret) GetCondition(ct xpv1.ConditionType) xpv1.Condition { 24 | return mg.Status.GetCondition(ct) 25 | } 26 | 27 | // GetDeletionPolicy of this Secret. 28 | func (mg *Secret) GetDeletionPolicy() xpv1.DeletionPolicy { 29 | return mg.Spec.DeletionPolicy 30 | } 31 | 32 | // GetProviderConfigReference of this Secret. 33 | func (mg *Secret) GetProviderConfigReference() *xpv1.Reference { 34 | return mg.Spec.ProviderConfigReference 35 | } 36 | 37 | /* 38 | GetProviderReference of this Secret. 39 | Deprecated: Use GetProviderConfigReference. 40 | */ 41 | func (mg *Secret) GetProviderReference() *xpv1.Reference { 42 | return mg.Spec.ProviderReference 43 | } 44 | 45 | // GetWriteConnectionSecretToReference of this Secret. 46 | func (mg *Secret) GetWriteConnectionSecretToReference() *xpv1.SecretReference { 47 | return mg.Spec.WriteConnectionSecretToReference 48 | } 49 | 50 | // SetConditions of this Secret. 51 | func (mg *Secret) SetConditions(c ...xpv1.Condition) { 52 | mg.Status.SetConditions(c...) 53 | } 54 | 55 | // SetDeletionPolicy of this Secret. 56 | func (mg *Secret) SetDeletionPolicy(r xpv1.DeletionPolicy) { 57 | mg.Spec.DeletionPolicy = r 58 | } 59 | 60 | // SetProviderConfigReference of this Secret. 61 | func (mg *Secret) SetProviderConfigReference(r *xpv1.Reference) { 62 | mg.Spec.ProviderConfigReference = r 63 | } 64 | 65 | /* 66 | SetProviderReference of this Secret. 67 | Deprecated: Use SetProviderConfigReference. 68 | */ 69 | func (mg *Secret) SetProviderReference(r *xpv1.Reference) { 70 | mg.Spec.ProviderReference = r 71 | } 72 | 73 | // SetWriteConnectionSecretToReference of this Secret. 
74 | func (mg *Secret) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { 75 | mg.Spec.WriteConnectionSecretToReference = r 76 | } 77 | -------------------------------------------------------------------------------- /apis/v1alpha1/register.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha1 18 | 19 | import ( 20 | "reflect" 21 | 22 | "k8s.io/apimachinery/pkg/runtime/schema" 23 | "sigs.k8s.io/controller-runtime/pkg/scheme" 24 | ) 25 | 26 | // Package type metadata. 27 | const ( 28 | Group = "vault.jet.crossplane.io" 29 | Version = "v1alpha1" 30 | ) 31 | 32 | var ( 33 | // SchemeGroupVersion is group version used to register these objects 34 | SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: Version} 35 | 36 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 37 | SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} 38 | ) 39 | 40 | // ProviderConfig type metadata. 41 | var ( 42 | ProviderConfigKind = reflect.TypeOf(ProviderConfig{}).Name() 43 | ProviderConfigGroupKind = schema.GroupKind{Group: Group, Kind: ProviderConfigKind}.String() 44 | ProviderConfigKindAPIVersion = ProviderConfigKind + "." 
+ SchemeGroupVersion.String() 45 | ProviderConfigGroupVersionKind = SchemeGroupVersion.WithKind(ProviderConfigKind) 46 | ) 47 | 48 | // ProviderConfigUsage type metadata. 49 | var ( 50 | ProviderConfigUsageKind = reflect.TypeOf(ProviderConfigUsage{}).Name() 51 | ProviderConfigUsageGroupKind = schema.GroupKind{Group: Group, Kind: ProviderConfigUsageKind}.String() 52 | ProviderConfigUsageKindAPIVersion = ProviderConfigUsageKind + "." + SchemeGroupVersion.String() 53 | ProviderConfigUsageGroupVersionKind = SchemeGroupVersion.WithKind(ProviderConfigUsageKind) 54 | 55 | ProviderConfigUsageListKind = reflect.TypeOf(ProviderConfigUsageList{}).Name() 56 | ProviderConfigUsageListGroupKind = schema.GroupKind{Group: Group, Kind: ProviderConfigUsageListKind}.String() 57 | ProviderConfigUsageListKindAPIVersion = ProviderConfigUsageListKind + "." + SchemeGroupVersion.String() 58 | ProviderConfigUsageListGroupVersionKind = SchemeGroupVersion.WithKind(ProviderConfigUsageListKind) 59 | ) 60 | 61 | func init() { 62 | SchemeBuilder.Register(&ProviderConfig{}, &ProviderConfigList{}) 63 | SchemeBuilder.Register(&ProviderConfigUsage{}, &ProviderConfigUsageList{}) 64 | } 65 | -------------------------------------------------------------------------------- /.github/workflows/commands.yml: -------------------------------------------------------------------------------- 1 | name: Comment Commands 2 | 3 | on: issue_comment 4 | 5 | jobs: 6 | points: 7 | runs-on: ubuntu-18.04 8 | if: startsWith(github.event.comment.body, '/points') 9 | 10 | steps: 11 | - name: Extract Command 12 | id: command 13 | uses: xt0rted/slash-command-action@v1 14 | with: 15 | repo-token: ${{ secrets.GITHUB_TOKEN }} 16 | command: points 17 | reaction: "true" 18 | reaction-type: "eyes" 19 | allow-edits: "false" 20 | permission-level: write 21 | - name: Handle Command 22 | uses: actions/github-script@v4 23 | env: 24 | POINTS: ${{ steps.command.outputs.command-arguments }} 25 | with: 26 | github-token: ${{ 
secrets.GITHUB_TOKEN }} 27 | script: | 28 | const points = process.env.POINTS 29 | 30 | if (isNaN(parseInt(points))) { 31 | console.log("Malformed command - expected '/points '") 32 | github.reactions.createForIssueComment({ 33 | owner: context.repo.owner, 34 | repo: context.repo.repo, 35 | comment_id: context.payload.comment.id, 36 | content: "confused" 37 | }) 38 | return 39 | } 40 | const label = "points/" + points 41 | 42 | // Delete our needs-points-label label. 43 | try { 44 | await github.issues.deleteLabel({ 45 | issue_number: context.issue.number, 46 | owner: context.repo.owner, 47 | repo: context.repo.repo, 48 | name: ['needs-points-label'] 49 | }) 50 | console.log("Deleted 'needs-points-label' label.") 51 | } 52 | catch(e) { 53 | console.log("Label 'needs-points-label' probably didn't exist.") 54 | } 55 | 56 | // Add our points label. 57 | github.issues.addLabels({ 58 | issue_number: context.issue.number, 59 | owner: context.repo.owner, 60 | repo: context.repo.repo, 61 | labels: [label] 62 | }) 63 | console.log("Added '" + label + "' label.") 64 | 65 | # NOTE(negz): See also backport.yml, which is the variant that triggers on PR 66 | # merge rather than on comment. 
67 | backport: 68 | runs-on: ubuntu-18.04 69 | if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/backport') 70 | steps: 71 | - name: Extract Command 72 | id: command 73 | uses: xt0rted/slash-command-action@v1 74 | with: 75 | repo-token: ${{ secrets.GITHUB_TOKEN }} 76 | command: backport 77 | reaction: "true" 78 | reaction-type: "eyes" 79 | allow-edits: "false" 80 | permission-level: write 81 | 82 | - name: Checkout 83 | uses: actions/checkout@v2 84 | with: 85 | fetch-depth: 0 86 | 87 | - name: Open Backport PR 88 | uses: zeebe-io/backport-action@v0.0.4 89 | with: 90 | github_token: ${{ secrets.GITHUB_TOKEN }} 91 | github_workspace: ${{ github.workspace }} 92 | version: v0.0.4 93 | -------------------------------------------------------------------------------- /package/crds/vault.jet.crossplane.io_providerconfigusages.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | controller-gen.kubebuilder.io/version: v0.8.0 7 | creationTimestamp: null 8 | name: providerconfigusages.vault.jet.crossplane.io 9 | spec: 10 | group: vault.jet.crossplane.io 11 | names: 12 | categories: 13 | - crossplane 14 | - provider 15 | - vaultjet 16 | kind: ProviderConfigUsage 17 | listKind: ProviderConfigUsageList 18 | plural: providerconfigusages 19 | singular: providerconfigusage 20 | scope: Cluster 21 | versions: 22 | - additionalPrinterColumns: 23 | - jsonPath: .metadata.creationTimestamp 24 | name: AGE 25 | type: date 26 | - jsonPath: .providerConfigRef.name 27 | name: CONFIG-NAME 28 | type: string 29 | - jsonPath: .resourceRef.kind 30 | name: RESOURCE-KIND 31 | type: string 32 | - jsonPath: .resourceRef.name 33 | name: RESOURCE-NAME 34 | type: string 35 | name: v1alpha1 36 | schema: 37 | openAPIV3Schema: 38 | description: A ProviderConfigUsage indicates that a resource is using a ProviderConfig. 
39 | properties: 40 | apiVersion: 41 | description: 'APIVersion defines the versioned schema of this representation 42 | of an object. Servers should convert recognized schemas to the latest 43 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 44 | type: string 45 | kind: 46 | description: 'Kind is a string value representing the REST resource this 47 | object represents. Servers may infer this from the endpoint the client 48 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 49 | type: string 50 | metadata: 51 | type: object 52 | providerConfigRef: 53 | description: ProviderConfigReference to the provider config being used. 54 | properties: 55 | name: 56 | description: Name of the referenced object. 57 | type: string 58 | required: 59 | - name 60 | type: object 61 | resourceRef: 62 | description: ResourceReference to the managed resource using the provider 63 | config. 64 | properties: 65 | apiVersion: 66 | description: APIVersion of the referenced object. 67 | type: string 68 | kind: 69 | description: Kind of the referenced object. 70 | type: string 71 | name: 72 | description: Name of the referenced object. 73 | type: string 74 | uid: 75 | description: UID of the referenced object. 
76 | type: string 77 | required: 78 | - apiVersion 79 | - kind 80 | - name 81 | type: object 82 | required: 83 | - providerConfigRef 84 | - resourceRef 85 | type: object 86 | served: true 87 | storage: true 88 | subresources: {} 89 | status: 90 | acceptedNames: 91 | kind: "" 92 | plural: "" 93 | conditions: [] 94 | storedVersions: [] 95 | -------------------------------------------------------------------------------- /apis/generic/v1alpha1/zz_secret_terraformed.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by terrajet. DO NOT EDIT. 
18 | 19 | package v1alpha1 20 | 21 | import ( 22 | "github.com/pkg/errors" 23 | 24 | "github.com/crossplane/terrajet/pkg/resource" 25 | "github.com/crossplane/terrajet/pkg/resource/json" 26 | ) 27 | 28 | // GetTerraformResourceType returns Terraform resource type for this Secret 29 | func (mg *Secret) GetTerraformResourceType() string { 30 | return "vault_generic_secret" 31 | } 32 | 33 | // GetConnectionDetailsMapping for this Secret 34 | func (tr *Secret) GetConnectionDetailsMapping() map[string]string { 35 | return map[string]string{"data": "status.atProvider.data", "data_json": "spec.forProvider.dataJsonSecretRef"} 36 | } 37 | 38 | // GetObservation of this Secret 39 | func (tr *Secret) GetObservation() (map[string]interface{}, error) { 40 | o, err := json.TFParser.Marshal(tr.Status.AtProvider) 41 | if err != nil { 42 | return nil, err 43 | } 44 | base := map[string]interface{}{} 45 | return base, json.TFParser.Unmarshal(o, &base) 46 | } 47 | 48 | // SetObservation for this Secret 49 | func (tr *Secret) SetObservation(obs map[string]interface{}) error { 50 | p, err := json.TFParser.Marshal(obs) 51 | if err != nil { 52 | return err 53 | } 54 | return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) 55 | } 56 | 57 | // GetID returns ID of underlying Terraform resource of this Secret 58 | func (tr *Secret) GetID() string { 59 | if tr.Status.AtProvider.ID == nil { 60 | return "" 61 | } 62 | return *tr.Status.AtProvider.ID 63 | } 64 | 65 | // GetParameters of this Secret 66 | func (tr *Secret) GetParameters() (map[string]interface{}, error) { 67 | p, err := json.TFParser.Marshal(tr.Spec.ForProvider) 68 | if err != nil { 69 | return nil, err 70 | } 71 | base := map[string]interface{}{} 72 | return base, json.TFParser.Unmarshal(p, &base) 73 | } 74 | 75 | // SetParameters for this Secret 76 | func (tr *Secret) SetParameters(params map[string]interface{}) error { 77 | p, err := json.TFParser.Marshal(params) 78 | if err != nil { 79 | return err 80 | } 81 | return 
json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) 82 | } 83 | 84 | // LateInitialize this Secret using its observed tfState. 85 | // returns True if there are any spec changes for the resource. 86 | func (tr *Secret) LateInitialize(attrs []byte) (bool, error) { 87 | params := &SecretParameters{} 88 | if err := json.TFParser.Unmarshal(attrs, params); err != nil { 89 | return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") 90 | } 91 | opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} 92 | 93 | li := resource.NewGenericLateInitializer(opts...) 94 | return li.LateInitialize(&tr.Spec.ForProvider, params) 95 | } 96 | 97 | // GetTerraformSchemaVersion returns the associated Terraform schema version 98 | func (tr *Secret) GetTerraformSchemaVersion() int { 99 | return 1 100 | } 101 | -------------------------------------------------------------------------------- /apis/v1alpha1/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha1 18 | 19 | import ( 20 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 21 | 22 | xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" 23 | ) 24 | 25 | // A ProviderConfigSpec defines the desired state of a ProviderConfig. 
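type ProviderConfigSpec struct {
	// Credentials required to authenticate to this provider.
	Credentials ProviderCredentials `json:"credentials"`
}

// ProviderCredentials required to authenticate.
//
// Whatever the selected Source resolves to (Secret key, file, environment
// variable) must be a flat JSON object whose values are all strings; it is
// decoded into a map[string]string, so numbers and booleans such as
// "skip_tls_verify" have to be quoted or decoding fails. The Vault client
// setup recognises the keys "address", "token", "token_name", "ca_cert_file",
// "ca_cert_dir", "skip_tls_verify", "skip_child_token",
// "max_lease_ttl_seconds", "max_retries", "max_retries_ccc" and "namespace";
// "address" is placed in the provider configuration block and every key is
// handed to the Terraform process as an environment variable.
//
// Security: the payload carries the Vault token, and whoever can edit it can
// also change "address" or set "skip_tls_verify" to disable certificate
// verification. Protect the referenced Secret (or file/env var) accordingly.
type ProviderCredentials struct {
	// Source of the provider credentials.
	// NOTE(review): the enum also admits InjectedIdentity, but the setup code
	// hands every source to the generic crossplane-runtime credential
	// extractor without special handling for it; confirm it is actually
	// supported before relying on it.
	// +kubebuilder:validation:Enum=None;Secret;InjectedIdentity;Environment;Filesystem
	Source xpv1.CredentialsSource `json:"source"`

	xpv1.CommonCredentialSelectors `json:",inline"`
}

// A ProviderConfigStatus reflects the observed state of a ProviderConfig.
type ProviderConfigStatus struct {
	xpv1.ProviderConfigStatus `json:",inline"`
}

// +kubebuilder:object:root=true

// A ProviderConfig configures a Vault JET provider.
//
// It is cluster-scoped, while a Secret referenced through
// spec.credentials.secretRef lives in a namespace (the CRD requires
// secretRef.namespace); the provider reads that Secret with its own cluster
// credentials. Only a single resource marker is kept here: the earlier
// duplicate "+kubebuilder:resource:scope=Cluster" line added nothing beyond
// what the marker below already states.
// +kubebuilder:subresource:status
// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:printcolumn:name="SECRET-NAME",type="string",JSONPath=".spec.credentials.secretRef.name",priority=1
// +kubebuilder:resource:scope=Cluster,categories={crossplane,provider,vaultjet}
type ProviderConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ProviderConfigSpec   `json:"spec"`
	Status ProviderConfigStatus `json:"status,omitempty"`
}

// +kubebuilder:object:root=true

// ProviderConfigList contains a list of ProviderConfig.
type ProviderConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ProviderConfig `json:"items"`
}

// +kubebuilder:object:root=true

// A ProviderConfigUsage indicates that a resource is using a ProviderConfig.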
// It is not created by hand: the Vault client setup in internal/clients
// records one through resource.NewProviderConfigUsageTracker every time it
// configures Terraform for a managed resource, so each object ties a
// resource (resourceRef) to the ProviderConfig it depends on
// (providerConfigRef).
// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:printcolumn:name="CONFIG-NAME",type="string",JSONPath=".providerConfigRef.name"
// +kubebuilder:printcolumn:name="RESOURCE-KIND",type="string",JSONPath=".resourceRef.kind"
// +kubebuilder:printcolumn:name="RESOURCE-NAME",type="string",JSONPath=".resourceRef.name"
// +kubebuilder:resource:scope=Cluster,categories={crossplane,provider,vaultjet}
type ProviderConfigUsage struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// The embedded crossplane-runtime type supplies providerConfigRef and
	// resourceRef (the fields the printcolumn JSONPaths above read).
	xpv1.ProviderConfigUsage `json:",inline"`
}

// +kubebuilder:object:root=true

// ProviderConfigUsageList contains a list of ProviderConfigUsage.
type ProviderConfigUsageList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ProviderConfigUsage `json:"items"`
}
--------------------------------------------------------------------------------
/apis/generic/v1alpha1/zz_secret_types.go:
--------------------------------------------------------------------------------
/*
Copyright 2021 The Crossplane Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Code generated by terrajet. DO NOT EDIT.
18 | 19 | package v1alpha1 20 | 21 | import ( 22 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 23 | "k8s.io/apimachinery/pkg/runtime/schema" 24 | 25 | v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" 26 | ) 27 | 28 | type SecretObservation struct { 29 | ID *string `json:"id,omitempty" tf:"id,omitempty"` 30 | } 31 | 32 | type SecretParameters struct { 33 | 34 | // JSON-encoded secret data to write. 35 | // +kubebuilder:validation:Required 36 | DataJSONSecretRef v1.SecretKeySelector `json:"dataJsonSecretRef" tf:"-"` 37 | 38 | // Only applicable for kv-v2 stores. If set, permanently deletes all versions for the specified key. 39 | // +kubebuilder:validation:Optional 40 | DeleteAllVersions *bool `json:"deleteAllVersions,omitempty" tf:"delete_all_versions,omitempty"` 41 | 42 | // Don't attempt to read the token from Vault if true; drift won't be detected. 43 | // +kubebuilder:validation:Optional 44 | DisableRead *bool `json:"disableRead,omitempty" tf:"disable_read,omitempty"` 45 | 46 | // Full path where the generic secret will be written. 47 | // +kubebuilder:validation:Required 48 | Path *string `json:"path" tf:"path,omitempty"` 49 | } 50 | 51 | // SecretSpec defines the desired state of Secret 52 | type SecretSpec struct { 53 | v1.ResourceSpec `json:",inline"` 54 | ForProvider SecretParameters `json:"forProvider"` 55 | } 56 | 57 | // SecretStatus defines the observed state of Secret. 
58 | type SecretStatus struct { 59 | v1.ResourceStatus `json:",inline"` 60 | AtProvider SecretObservation `json:"atProvider,omitempty"` 61 | } 62 | 63 | // +kubebuilder:object:root=true 64 | 65 | // Secret is the Schema for the Secrets API 66 | // +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" 67 | // +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" 68 | // +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" 69 | // +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" 70 | // +kubebuilder:subresource:status 71 | // +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,vaultjet} 72 | type Secret struct { 73 | metav1.TypeMeta `json:",inline"` 74 | metav1.ObjectMeta `json:"metadata,omitempty"` 75 | Spec SecretSpec `json:"spec"` 76 | Status SecretStatus `json:"status,omitempty"` 77 | } 78 | 79 | // +kubebuilder:object:root=true 80 | 81 | // SecretList contains a list of Secrets 82 | type SecretList struct { 83 | metav1.TypeMeta `json:",inline"` 84 | metav1.ListMeta `json:"metadata,omitempty"` 85 | Items []Secret `json:"items"` 86 | } 87 | 88 | // Repository type metadata. 89 | var ( 90 | Secret_Kind = "Secret" 91 | Secret_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Secret_Kind}.String() 92 | Secret_KindAPIVersion = Secret_Kind + "." + CRDGroupVersion.String() 93 | Secret_GroupVersionKind = CRDGroupVersion.WithKind(Secret_Kind) 94 | ) 95 | 96 | func init() { 97 | SchemeBuilder.Register(&Secret{}, &SecretList{}) 98 | } 99 | -------------------------------------------------------------------------------- /cmd/provider/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package main

import (
	"os"
	"path/filepath"
	"time"

	"github.com/crossplane/crossplane-runtime/pkg/feature"
	tjcontroller "github.com/crossplane/terrajet/pkg/controller"
	"k8s.io/client-go/tools/leaderelection/resourcelock"

	xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller"
	"github.com/crossplane/crossplane-runtime/pkg/logging"
	"github.com/crossplane/crossplane-runtime/pkg/ratelimiter"
	"github.com/crossplane/terrajet/pkg/terraform"
	"gopkg.in/alecthomas/kingpin.v2"
	ctrl "sigs.k8s.io/controller-runtime"
	"sigs.k8s.io/controller-runtime/pkg/log/zap"

	"github.com/crossplane-contrib/provider-jet-vault/apis"
	"github.com/crossplane-contrib/provider-jet-vault/config"
	"github.com/crossplane-contrib/provider-jet-vault/internal/clients"
	"github.com/crossplane-contrib/provider-jet-vault/internal/controller"
)

// durationPtr returns a pointer to d. controller-runtime's lease settings are
// pointer-typed so that "not set" can be told apart from a zero duration.
func durationPtr(d time.Duration) *time.Duration {
	return &d
}

// main is the entry point of the Terraform-based Vault provider. It parses the
// command line (every flag can also be supplied through the environment, see
// DefaultEnvars and the explicit Envar calls), configures logging, creates a
// controller-runtime manager and runs the generated controllers until a
// termination signal arrives. Any setup failure terminates the process.
func main() {
	app := kingpin.New(filepath.Base(os.Args[0]), "Terraform based Crossplane provider for Vault").DefaultEnvars()
	debug := app.Flag("debug", "Run with debug logging.").Short('d').Bool()
	syncPeriod := app.Flag("sync", "Controller manager sync period such as 300ms, 1.5h, or 2h45m").Short('s').Default("1h").Duration()
	leaderElection := app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool()
	terraformVersion := app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String()
	providerSource := app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String()
	providerVersion := app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String()
	maxReconcileRate := app.Flag("max-reconcile-rate", "The global maximum rate per second at which resources may checked for drift from the desired state.").Default("10").Int()
	kingpin.MustParse(app.Parse(os.Args[1:]))

	zapLog := zap.New(zap.UseDevMode(*debug))
	logger := logging.NewLogrLogger(zapLog.WithName("provider-jet-vault"))
	if *debug {
		// controller-runtime is extremely chatty even at info level, so it is
		// only handed a real logger (instead of its default no-op one) when
		// debug logging was requested.
		ctrl.SetLogger(zapLog)
	}
	logger.Debug("Starting", "sync-period", syncPeriod.String())

	cfg, err := ctrl.GetConfig()
	kingpin.FatalIfError(err, "Cannot get API server rest config")

	mgr, err := ctrl.NewManager(cfg, ctrl.Options{
		LeaderElection:             *leaderElection,
		LeaderElectionID:           "crossplane-leader-election-provider-jet-vault",
		LeaderElectionResourceLock: resourcelock.LeasesResourceLock,
		LeaseDuration:              durationPtr(60 * time.Second),
		RenewDeadline:              durationPtr(50 * time.Second),
		// --sync only drives the manager's SyncPeriod; the terrajet
		// PollInterval below is fixed at one minute.
		SyncPeriod: syncPeriod,
	})
	kingpin.FatalIfError(err, "Cannot create controller manager")

	opts := tjcontroller.Options{
		Options: xpcontroller.Options{
			Logger:                  logger,
			GlobalRateLimiter:       ratelimiter.NewGlobal(*maxReconcileRate),
			PollInterval:            1 * time.Minute,
			MaxConcurrentReconciles: 1,
			Features:                &feature.Flags{},
		},
		Provider:       config.GetProvider(),
		WorkspaceStore: terraform.NewWorkspaceStore(logger),
		// Terraform/provider versions come from the required flags above and
		// are what the Vault client setup pins for every workspace.
		SetupFn: clients.TerraformSetupBuilder(*terraformVersion, *providerSource, *providerVersion),
	}

	kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add Vault APIs to scheme")
	kingpin.FatalIfError(controller.Setup(mgr, opts), "Cannot setup Vault controllers")
	kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager")
}
--------------------------------------------------------------------------------
/go.mod:
--------------------------------------------------------------------------------
module github.com/crossplane-contrib/provider-jet-vault

go 1.17

require (
	github.com/crossplane/crossplane-runtime v0.15.1-0.20220106140106-428b7c390375
	github.com/crossplane/crossplane-tools v0.0.0-20210916125540-071de511ae8e
	github.com/crossplane/terrajet v0.4.2
	github.com/hashicorp/terraform-plugin-sdk/v2 v2.7.0
github.com/pkg/errors v0.9.1 11 | gopkg.in/alecthomas/kingpin.v2 v2.2.6 12 | k8s.io/apimachinery v0.23.0 13 | k8s.io/client-go v0.23.0 14 | sigs.k8s.io/controller-runtime v0.11.0 15 | sigs.k8s.io/controller-tools v0.8.0 16 | ) 17 | 18 | require ( 19 | github.com/agext/levenshtein v1.2.2 // indirect 20 | github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect 21 | github.com/alecthomas/units v0.0.0-20210912230133-d1bdfacee922 // indirect 22 | github.com/apparentlymart/go-textseg/v12 v12.0.0 // indirect 23 | github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect 24 | github.com/beorn7/perks v1.0.1 // indirect 25 | github.com/cespare/xxhash/v2 v2.1.1 // indirect 26 | github.com/dave/jennifer v1.4.1 // indirect 27 | github.com/davecgh/go-spew v1.1.1 // indirect 28 | github.com/evanphx/json-patch v4.12.0+incompatible // indirect 29 | github.com/fatih/camelcase v1.0.0 // indirect 30 | github.com/fatih/color v1.12.0 // indirect 31 | github.com/fsnotify/fsnotify v1.5.1 // indirect 32 | github.com/go-logr/logr v1.2.0 // indirect 33 | github.com/go-logr/zapr v1.2.0 // indirect 34 | github.com/gobuffalo/flect v0.2.3 // indirect 35 | github.com/gogo/protobuf v1.3.2 // indirect 36 | github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect 37 | github.com/golang/protobuf v1.5.2 // indirect 38 | github.com/google/go-cmp v0.5.6 // indirect 39 | github.com/google/gofuzz v1.1.0 // indirect 40 | github.com/google/uuid v1.1.2 // indirect 41 | github.com/googleapis/gnostic v0.5.5 // indirect 42 | github.com/hashicorp/errwrap v1.0.0 // indirect 43 | github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect 44 | github.com/hashicorp/go-multierror v1.0.0 // indirect 45 | github.com/hashicorp/go-uuid v1.0.1 // indirect 46 | github.com/hashicorp/go-version v1.3.0 // indirect 47 | github.com/hashicorp/hcl/v2 v2.8.2 // indirect 48 | github.com/hashicorp/terraform-json v0.13.0 // indirect 49 | 
github.com/hashicorp/terraform-plugin-go v0.3.0 // indirect 50 | github.com/iancoleman/strcase v0.2.0 // indirect 51 | github.com/imdario/mergo v0.3.12 // indirect 52 | github.com/inconshreveable/mousetrap v1.0.0 // indirect 53 | github.com/json-iterator/go v1.1.12 // indirect 54 | github.com/mattn/go-colorable v0.1.8 // indirect 55 | github.com/mattn/go-isatty v0.0.12 // indirect 56 | github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect 57 | github.com/mitchellh/copystructure v1.2.0 // indirect 58 | github.com/mitchellh/go-testing-interface v1.0.4 // indirect 59 | github.com/mitchellh/go-wordwrap v1.0.0 // indirect 60 | github.com/mitchellh/mapstructure v1.4.1 // indirect 61 | github.com/mitchellh/reflectwalk v1.0.2 // indirect 62 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect 63 | github.com/modern-go/reflect2 v1.0.2 // indirect 64 | github.com/muvaf/typewriter v0.0.0-20220131201631-921e94e8e8d7 // indirect 65 | github.com/prometheus/client_golang v1.11.0 // indirect 66 | github.com/prometheus/client_model v0.2.0 // indirect 67 | github.com/prometheus/common v0.28.0 // indirect 68 | github.com/prometheus/procfs v0.6.0 // indirect 69 | github.com/spf13/afero v1.8.0 // indirect 70 | github.com/spf13/cobra v1.2.1 // indirect 71 | github.com/spf13/pflag v1.0.5 // indirect 72 | github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect 73 | github.com/zclconf/go-cty v1.9.1 // indirect 74 | go.uber.org/atomic v1.7.0 // indirect 75 | go.uber.org/multierr v1.7.0 // indirect 76 | go.uber.org/zap v1.19.1 // indirect 77 | golang.org/x/mod v0.4.2 // indirect 78 | golang.org/x/net v0.0.0-20210825183410-e898025ed96a // indirect 79 | golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f // indirect 80 | golang.org/x/sys v0.0.0-20211029165221-6e7872819dc8 // indirect 81 | golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b // indirect 82 | golang.org/x/text v0.3.7 // indirect 83 | 
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect 84 | golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff // indirect 85 | golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect 86 | gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect 87 | google.golang.org/appengine v1.6.7 // indirect 88 | google.golang.org/protobuf v1.27.1 // indirect 89 | gopkg.in/inf.v0 v0.9.1 // indirect 90 | gopkg.in/yaml.v2 v2.4.0 // indirect 91 | gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect 92 | k8s.io/api v0.23.0 // indirect 93 | k8s.io/apiextensions-apiserver v0.23.0 // indirect 94 | k8s.io/component-base v0.23.0 // indirect 95 | k8s.io/klog/v2 v2.30.0 // indirect 96 | k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect 97 | k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b // indirect 98 | sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect 99 | sigs.k8s.io/structured-merge-diff/v4 v4.2.0 // indirect 100 | sigs.k8s.io/yaml v1.3.0 // indirect 101 | ) 102 | -------------------------------------------------------------------------------- /internal/clients/vault.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Crossplane Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package clients 18 | 19 | import ( 20 | "context" 21 | "encoding/json" 22 | "fmt" 23 | 24 | "github.com/crossplane/crossplane-runtime/pkg/resource" 25 | "github.com/crossplane/terrajet/pkg/terraform" 26 | "github.com/pkg/errors" 27 | "k8s.io/apimachinery/pkg/types" 28 | "sigs.k8s.io/controller-runtime/pkg/client" 29 | 30 | "github.com/crossplane-contrib/provider-jet-vault/apis/v1alpha1" 31 | ) 32 | 33 | const ( 34 | keyVaultAddr = "address" 35 | keyToken = "token" 36 | keyTokenName = "token_name" 37 | keyCaCertFile = "ca_cert_file" 38 | keyCaCertDir = "ca_cert_dir" 39 | keySkipTLSVerify = "skip_tls_verify" 40 | keySkipChildToken = "skip_child_token" 41 | keyMaxLeaseTTLSeconds = "max_lease_ttl_seconds" 42 | keyMaxRetries = "max_retries" 43 | keyMaxRetriesCcc = "max_retries_ccc" 44 | keyNamespace = "namespace" 45 | 46 | // TODO(@aaronme) These should only be added to the configuration if they 47 | // are supplied 48 | // keyAuthLogin = "auth_login" 49 | // keyClientAuth = "client_auth" 50 | // keyHeaders = "headers" 51 | 52 | // Vault credentials environment variable names 53 | envVaultAddr = "VAULT_ADDR" 54 | envToken = "VAULT_TOKEN" 55 | envTokenName = "VAULT_TOKEN_NAME" 56 | envCaCertFile = "VAULT_CACERT" 57 | envCaCertDir = "VAULT_CAPATH" 58 | envSkipTLSVerify = "VAULT_SKIP_VERIFY" 59 | envSkipChildToken = "TERRAFORM_VAULT_SKIP_CHILD_TOKEN" 60 | envMaxLeaseTTLSeconds = "TERRAFORM_VAULT_MAX_TTL" 61 | envMaxRetries = "VAULT_MAX_RETRIES" 62 | envMaxRetriesCcc = "VAULT_MAX_RETRIES_CCC" 63 | envNamespace = "VAULT_NAMESPACE" 64 | ) 65 | 66 | const ( 67 | fmtEnvVar = "%s=%s" 68 | 69 | // error messages 70 | errNoProviderConfig = "no providerConfigRef provided" 71 | errGetProviderConfig = "cannot get referenced ProviderConfig" 72 | errTrackUsage = "cannot track ProviderConfig usage" 73 | errExtractCredentials = "cannot extract credentials" 74 | errUnmarshalCredentials = "cannot unmarshal vault credentials as JSON" 75 | ) 76 | 77 | // 
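// errNoVaultAddress is returned when the decoded credentials carry no
// "address". Without it the provider has nowhere to connect; failing here gives
// a precise error instead of whatever Terraform reports later for an empty
// address.
const errNoVaultAddress = "vault credentials do not contain an \"address\""

// envByCredKey pairs each recognised credential key with the environment
// variable the Terraform Vault provider reads it from. A slice (not a map)
// keeps the exported order stable.
var envByCredKey = []struct{ key, env string }{
	{keyVaultAddr, envVaultAddr},
	{keyToken, envToken},
	{keyTokenName, envTokenName},
	{keyCaCertFile, envCaCertFile},
	{keyCaCertDir, envCaCertDir},
	{keySkipTLSVerify, envSkipTLSVerify},
	{keySkipChildToken, envSkipChildToken},
	{keyMaxLeaseTTLSeconds, envMaxLeaseTTLSeconds},
	{keyMaxRetries, envMaxRetries},
	{keyMaxRetriesCcc, envMaxRetriesCcc},
	{keyNamespace, envNamespace},
}

// TerraformSetupBuilder builds a terraform.SetupFn that assembles the Terraform
// and Vault provider configuration for one managed resource.
//
// The returned function resolves the resource's ProviderConfig, records a
// ProviderConfigUsage for it, extracts the referenced credentials and decodes
// them as a flat JSON object of strings (see the key* constants). Only
// "address" is written into the provider configuration block; every recognised
// key, including the Vault token, is passed to the Terraform process through
// Setup.Env as NAME=value.
//
// Security notes:
//   - "skip_tls_verify" and the CA settings are taken from the credentials
//     payload, so whoever can edit that payload can disable certificate
//     verification for the Vault connection. Keep "skip_tls_verify" unset
//     outside test setups.
//   - Keys missing from the payload are still exported, as "NAME=" (empty).
//     NOTE(review): whether such an empty entry shadows a same-named variable
//     inherited from the controller's own environment depends on how terrajet
//     composes the Terraform process environment; confirm before relying on
//     either behaviour.
//
// version, providerSource and providerVersion pin the Terraform CLI and the
// provider plugin. Errors are returned when the resource has no
// providerConfigRef, the ProviderConfig cannot be fetched, usage tracking
// fails, the credentials cannot be extracted or decoded, or the payload has no
// "address".
func TerraformSetupBuilder(version, providerSource, providerVersion string) terraform.SetupFn {
	return func(ctx context.Context, client client.Client, mg resource.Managed) (terraform.Setup, error) {
		ps := terraform.Setup{
			Version: version,
			Requirement: terraform.ProviderRequirement{
				Source:  providerSource,
				Version: providerVersion,
			},
		}

		configRef := mg.GetProviderConfigReference()
		if configRef == nil {
			return ps, errors.New(errNoProviderConfig)
		}
		pc := &v1alpha1.ProviderConfig{}
		if err := client.Get(ctx, types.NamespacedName{Name: configRef.Name}, pc); err != nil {
			return ps, errors.Wrap(err, errGetProviderConfig)
		}

		// Record that mg uses this ProviderConfig (a ProviderConfigUsage
		// object, see apis/v1alpha1).
		t := resource.NewProviderConfigUsageTracker(client, &v1alpha1.ProviderConfigUsage{})
		if err := t.Track(ctx, mg); err != nil {
			return ps, errors.Wrap(err, errTrackUsage)
		}

		data, err := resource.CommonCredentialExtractor(ctx, pc.Spec.Credentials.Source, client, pc.Spec.Credentials.CommonCredentialSelectors)
		if err != nil {
			return ps, errors.Wrap(err, errExtractCredentials)
		}
		// map[string]string: any non-string value in the payload makes
		// decoding fail with errUnmarshalCredentials.
		vaultCreds := map[string]string{}
		if err := json.Unmarshal(data, &vaultCreds); err != nil {
			return ps, errors.Wrap(err, errUnmarshalCredentials)
		}
		// An empty address would be written verbatim into the provider block
		// below and exported as an empty VAULT_ADDR; reject it up front.
		if vaultCreds[keyVaultAddr] == "" {
			return ps, errors.New(errNoVaultAddress)
		}

		// Only the address goes into the provider configuration block.
		ps.Configuration = map[string]interface{}{
			"address": vaultCreds[keyVaultAddr],
		}
		// Everything else, token included, travels as environment variables.
		// Each variable is exported exactly once.
		ps.Env = make([]string, 0, len(envByCredKey))
		for _, m := range envByCredKey {
			ps.Env = append(ps.Env, fmt.Sprintf(fmtEnvVar, m.env, vaultCreds[m.key]))
		}
		return ps, nil
	}
}
--------------------------------------------------------------------------------
/apis/generic/v1alpha1/zz_generated.deepcopy.go:
--------------------------------------------------------------------------------
//go:build !ignore_autogenerated
// +build !ignore_autogenerated

/*
Copyright 2021 The Crossplane Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Code generated by controller-gen. DO NOT EDIT.

package v1alpha1

import (
	runtime "k8s.io/apimachinery/pkg/runtime"
)

// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.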
29 | func (in *Secret) DeepCopyInto(out *Secret) { 30 | *out = *in 31 | out.TypeMeta = in.TypeMeta 32 | in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) 33 | in.Spec.DeepCopyInto(&out.Spec) 34 | in.Status.DeepCopyInto(&out.Status) 35 | } 36 | 37 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Secret. 38 | func (in *Secret) DeepCopy() *Secret { 39 | if in == nil { 40 | return nil 41 | } 42 | out := new(Secret) 43 | in.DeepCopyInto(out) 44 | return out 45 | } 46 | 47 | // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 48 | func (in *Secret) DeepCopyObject() runtime.Object { 49 | if c := in.DeepCopy(); c != nil { 50 | return c 51 | } 52 | return nil 53 | } 54 | 55 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 56 | func (in *SecretList) DeepCopyInto(out *SecretList) { 57 | *out = *in 58 | out.TypeMeta = in.TypeMeta 59 | in.ListMeta.DeepCopyInto(&out.ListMeta) 60 | if in.Items != nil { 61 | in, out := &in.Items, &out.Items 62 | *out = make([]Secret, len(*in)) 63 | for i := range *in { 64 | (*in)[i].DeepCopyInto(&(*out)[i]) 65 | } 66 | } 67 | } 68 | 69 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretList. 70 | func (in *SecretList) DeepCopy() *SecretList { 71 | if in == nil { 72 | return nil 73 | } 74 | out := new(SecretList) 75 | in.DeepCopyInto(out) 76 | return out 77 | } 78 | 79 | // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 80 | func (in *SecretList) DeepCopyObject() runtime.Object { 81 | if c := in.DeepCopy(); c != nil { 82 | return c 83 | } 84 | return nil 85 | } 86 | 87 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
88 | func (in *SecretObservation) DeepCopyInto(out *SecretObservation) { 89 | *out = *in 90 | if in.ID != nil { 91 | in, out := &in.ID, &out.ID 92 | *out = new(string) 93 | **out = **in 94 | } 95 | } 96 | 97 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretObservation. 98 | func (in *SecretObservation) DeepCopy() *SecretObservation { 99 | if in == nil { 100 | return nil 101 | } 102 | out := new(SecretObservation) 103 | in.DeepCopyInto(out) 104 | return out 105 | } 106 | 107 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 108 | func (in *SecretParameters) DeepCopyInto(out *SecretParameters) { 109 | *out = *in 110 | out.DataJSONSecretRef = in.DataJSONSecretRef 111 | if in.DeleteAllVersions != nil { 112 | in, out := &in.DeleteAllVersions, &out.DeleteAllVersions 113 | *out = new(bool) 114 | **out = **in 115 | } 116 | if in.DisableRead != nil { 117 | in, out := &in.DisableRead, &out.DisableRead 118 | *out = new(bool) 119 | **out = **in 120 | } 121 | if in.Path != nil { 122 | in, out := &in.Path, &out.Path 123 | *out = new(string) 124 | **out = **in 125 | } 126 | } 127 | 128 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretParameters. 129 | func (in *SecretParameters) DeepCopy() *SecretParameters { 130 | if in == nil { 131 | return nil 132 | } 133 | out := new(SecretParameters) 134 | in.DeepCopyInto(out) 135 | return out 136 | } 137 | 138 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 139 | func (in *SecretSpec) DeepCopyInto(out *SecretSpec) { 140 | *out = *in 141 | in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) 142 | in.ForProvider.DeepCopyInto(&out.ForProvider) 143 | } 144 | 145 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretSpec. 
146 | func (in *SecretSpec) DeepCopy() *SecretSpec { 147 | if in == nil { 148 | return nil 149 | } 150 | out := new(SecretSpec) 151 | in.DeepCopyInto(out) 152 | return out 153 | } 154 | 155 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 156 | func (in *SecretStatus) DeepCopyInto(out *SecretStatus) { 157 | *out = *in 158 | in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) 159 | in.AtProvider.DeepCopyInto(&out.AtProvider) 160 | } 161 | 162 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStatus. 163 | func (in *SecretStatus) DeepCopy() *SecretStatus { 164 | if in == nil { 165 | return nil 166 | } 167 | out := new(SecretStatus) 168 | in.DeepCopyInto(out) 169 | return out 170 | } 171 | -------------------------------------------------------------------------------- /package/crds/vault.jet.crossplane.io_providerconfigs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | controller-gen.kubebuilder.io/version: v0.8.0 7 | creationTimestamp: null 8 | name: providerconfigs.vault.jet.crossplane.io 9 | spec: 10 | group: vault.jet.crossplane.io 11 | names: 12 | categories: 13 | - crossplane 14 | - provider 15 | - vaultjet 16 | kind: ProviderConfig 17 | listKind: ProviderConfigList 18 | plural: providerconfigs 19 | singular: providerconfig 20 | scope: Cluster 21 | versions: 22 | - additionalPrinterColumns: 23 | - jsonPath: .metadata.creationTimestamp 24 | name: AGE 25 | type: date 26 | - jsonPath: .spec.credentials.secretRef.name 27 | name: SECRET-NAME 28 | priority: 1 29 | type: string 30 | name: v1alpha1 31 | schema: 32 | openAPIV3Schema: 33 | description: A ProviderConfig configures a Vault JET provider. 
34 | properties: 35 | apiVersion: 36 | description: 'APIVersion defines the versioned schema of this representation 37 | of an object. Servers should convert recognized schemas to the latest 38 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 39 | type: string 40 | kind: 41 | description: 'Kind is a string value representing the REST resource this 42 | object represents. Servers may infer this from the endpoint the client 43 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 44 | type: string 45 | metadata: 46 | type: object 47 | spec: 48 | description: A ProviderConfigSpec defines the desired state of a ProviderConfig. 49 | properties: 50 | credentials: 51 | description: Credentials required to authenticate to this provider. 52 | properties: 53 | env: 54 | description: Env is a reference to an environment variable that 55 | contains credentials that must be used to connect to the provider. 56 | properties: 57 | name: 58 | description: Name is the name of an environment variable. 59 | type: string 60 | required: 61 | - name 62 | type: object 63 | fs: 64 | description: Fs is a reference to a filesystem location that contains 65 | credentials that must be used to connect to the provider. 66 | properties: 67 | path: 68 | description: Path is a filesystem path. 69 | type: string 70 | required: 71 | - path 72 | type: object 73 | secretRef: 74 | description: A SecretRef is a reference to a secret key that contains 75 | the credentials that must be used to connect to the provider. 76 | properties: 77 | key: 78 | description: The key to select. 79 | type: string 80 | name: 81 | description: Name of the secret. 82 | type: string 83 | namespace: 84 | description: Namespace of the secret. 
85 | type: string 86 | required: 87 | - key 88 | - name 89 | - namespace 90 | type: object 91 | source: 92 | description: Source of the provider credentials. 93 | enum: 94 | - None 95 | - Secret 96 | - InjectedIdentity 97 | - Environment 98 | - Filesystem 99 | type: string 100 | required: 101 | - source 102 | type: object 103 | required: 104 | - credentials 105 | type: object 106 | status: 107 | description: A ProviderConfigStatus reflects the observed state of a ProviderConfig. 108 | properties: 109 | conditions: 110 | description: Conditions of the resource. 111 | items: 112 | description: A Condition that may apply to a resource. 113 | properties: 114 | lastTransitionTime: 115 | description: LastTransitionTime is the last time this condition 116 | transitioned from one status to another. 117 | format: date-time 118 | type: string 119 | message: 120 | description: A Message containing details about this condition's 121 | last transition from one status to another, if any. 122 | type: string 123 | reason: 124 | description: A Reason for this condition's last transition from 125 | one status to another. 126 | type: string 127 | status: 128 | description: Status of this condition; is it currently True, 129 | False, or Unknown? 130 | type: string 131 | type: 132 | description: Type of this condition. At most one of each condition 133 | type may apply to a resource at any point in time. 134 | type: string 135 | required: 136 | - lastTransitionTime 137 | - reason 138 | - status 139 | - type 140 | type: object 141 | type: array 142 | users: 143 | description: Users of this provider configuration. 
144 | format: int64 145 | type: integer 146 | type: object 147 | required: 148 | - spec 149 | type: object 150 | served: true 151 | storage: true 152 | subresources: 153 | status: {} 154 | status: 155 | acceptedNames: 156 | kind: "" 157 | plural: "" 158 | conditions: [] 159 | storedVersions: [] 160 | -------------------------------------------------------------------------------- /apis/v1alpha1/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | // +build !ignore_autogenerated 3 | 4 | /* 5 | Copyright 2021 The Crossplane Authors. 6 | 7 | Licensed under the Apache License, Version 2.0 (the "License"); 8 | you may not use this file except in compliance with the License. 9 | You may obtain a copy of the License at 10 | 11 | http://www.apache.org/licenses/LICENSE-2.0 12 | 13 | Unless required by applicable law or agreed to in writing, software 14 | distributed under the License is distributed on an "AS IS" BASIS, 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | See the License for the specific language governing permissions and 17 | limitations under the License. 18 | */ 19 | 20 | // Code generated by controller-gen. DO NOT EDIT. 21 | 22 | package v1alpha1 23 | 24 | import ( 25 | runtime "k8s.io/apimachinery/pkg/runtime" 26 | ) 27 | 28 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 29 | func (in *ProviderConfig) DeepCopyInto(out *ProviderConfig) { 30 | *out = *in 31 | out.TypeMeta = in.TypeMeta 32 | in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) 33 | in.Spec.DeepCopyInto(&out.Spec) 34 | in.Status.DeepCopyInto(&out.Status) 35 | } 36 | 37 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfig. 
func (in *ProviderConfig) DeepCopy() *ProviderConfig {
	if in == nil {
		return nil
	}
	out := new(ProviderConfig)
	in.DeepCopyInto(out)
	return out
}

// NOTE(review): everything in this file is controller-gen output (see the
// "DO NOT EDIT" header); hand edits, including comments, are lost on the next
// regeneration. The comments below only describe the generated shape.

// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ProviderConfig) DeepCopyObject() runtime.Object {
	// A nil receiver must become an untyped nil interface, not a nil
	// *ProviderConfig boxed in runtime.Object (which would compare != nil).
	if c := in.DeepCopy(); c != nil {
		return c
	}
	return nil
}

// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ProviderConfigList) DeepCopyInto(out *ProviderConfigList) {
	*out = *in
	out.TypeMeta = in.TypeMeta
	in.ListMeta.DeepCopyInto(&out.ListMeta)
	if in.Items != nil {
		// Shadow in/out with the Items slices: a new backing array is
		// allocated and every element is deep-copied, so out never aliases
		// in's items.
		in, out := &in.Items, &out.Items
		*out = make([]ProviderConfig, len(*in))
		for i := range *in {
			(*in)[i].DeepCopyInto(&(*out)[i])
		}
	}
}

// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfigList.
func (in *ProviderConfigList) DeepCopy() *ProviderConfigList {
	if in == nil {
		return nil
	}
	out := new(ProviderConfigList)
	in.DeepCopyInto(out)
	return out
}

// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ProviderConfigList) DeepCopyObject() runtime.Object {
	// Same untyped-nil handling as ProviderConfig.DeepCopyObject.
	if c := in.DeepCopy(); c != nil {
		return c
	}
	return nil
}

// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ProviderConfigSpec) DeepCopyInto(out *ProviderConfigSpec) {
	*out = *in
	// The shallow assignment above would share whatever reference fields
	// Credentials holds, so it gets its own deep copy.
	in.Credentials.DeepCopyInto(&out.Credentials)
}

// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfigSpec.
func (in *ProviderConfigSpec) DeepCopy() *ProviderConfigSpec {
	if in == nil {
		return nil
	}
	out := new(ProviderConfigSpec)
	in.DeepCopyInto(out)
	return out
}

// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ProviderConfigStatus) DeepCopyInto(out *ProviderConfigStatus) {
	*out = *in
	// The embedded status type provides its own DeepCopyInto, so it is
	// deep-copied rather than left to the shallow assignment above.
	in.ProviderConfigStatus.DeepCopyInto(&out.ProviderConfigStatus)
}

// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfigStatus.
func (in *ProviderConfigStatus) DeepCopy() *ProviderConfigStatus {
	if in == nil {
		return nil
	}
	out := new(ProviderConfigStatus)
	in.DeepCopyInto(out)
	return out
}

// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ProviderConfigUsage) DeepCopyInto(out *ProviderConfigUsage) {
	*out = *in
	out.TypeMeta = in.TypeMeta
	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
	// Plain value assignment, i.e. a shallow copy of the embedded usage
	// record. That is only a deep copy if the embedded type has no
	// reference-typed fields — presumably so, since the generator chose this
	// form; confirm against its definition if it ever grows pointer/slice/map
	// fields (see NOTE(review) above: this file is regenerated, not edited).
	out.ProviderConfigUsage = in.ProviderConfigUsage
}

// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfigUsage.
func (in *ProviderConfigUsage) DeepCopy() *ProviderConfigUsage {
	if in == nil {
		return nil
	}
	out := new(ProviderConfigUsage)
	in.DeepCopyInto(out)
	return out
}

// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ProviderConfigUsage) DeepCopyObject() runtime.Object {
	// A nil receiver yields an untyped nil interface, not a boxed nil pointer.
	if c := in.DeepCopy(); c != nil {
		return c
	}
	return nil
}

// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ProviderConfigUsageList) DeepCopyInto(out *ProviderConfigUsageList) {
	*out = *in
	out.TypeMeta = in.TypeMeta
	in.ListMeta.DeepCopyInto(&out.ListMeta)
	if in.Items != nil {
		// Shadow in/out with the Items slices so a fresh backing array is
		// allocated and each usage record is deep-copied element by element.
		in, out := &in.Items, &out.Items
		*out = make([]ProviderConfigUsage, len(*in))
		for i := range *in {
			(*in)[i].DeepCopyInto(&(*out)[i])
		}
	}
}

// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfigUsageList.
func (in *ProviderConfigUsageList) DeepCopy() *ProviderConfigUsageList {
	if in == nil {
		return nil
	}
	out := new(ProviderConfigUsageList)
	in.DeepCopyInto(out)
	return out
}

// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ProviderConfigUsageList) DeepCopyObject() runtime.Object {
	// A nil receiver yields an untyped nil interface, not a boxed nil pointer.
	if c := in.DeepCopy(); c != nil {
		return c
	}
	return nil
}

// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ProviderCredentials) DeepCopyInto(out *ProviderCredentials) {
	*out = *in
	// CommonCredentialSelectors carries selectors (env / fs / secretRef, going
	// by the generated ProviderConfig CRD schema in this repo) — i.e. where
	// credentials are found, not the credential bytes — so copying a
	// ProviderConfig does not duplicate secret material in memory. Confirm
	// against the crossplane-runtime definition of the embedded type.
	in.CommonCredentialSelectors.DeepCopyInto(&out.CommonCredentialSelectors)
}

// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderCredentials.
184 | func (in *ProviderCredentials) DeepCopy() *ProviderCredentials { 185 | if in == nil { 186 | return nil 187 | } 188 | out := new(ProviderCredentials) 189 | in.DeepCopyInto(out) 190 | return out 191 | } 192 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # ==================================================================================== 2 | # Setup Project 3 | 4 | PROJECT_NAME := provider-jet-vault 5 | PROJECT_REPO := github.com/crossplane-contrib/$(PROJECT_NAME) 6 | 7 | export TERRAFORM_VERSION := 1.1.6 8 | 9 | export TERRAFORM_PROVIDER_SOURCE := hashicorp/vault 10 | export TERRAFORM_PROVIDER_VERSION := 3.3.1 11 | export TERRAFORM_PROVIDER_DOWNLOAD_NAME := terraform-provider-vault 12 | export TERRAFORM_PROVIDER_DOWNLOAD_URL_PREFIX := https://releases.hashicorp.com/terraform-provider-vault/3.3.1 13 | 14 | PLATFORMS ?= linux_amd64 linux_arm64 15 | 16 | # -include will silently skip missing files, which allows us 17 | # to load those files with a target in the Makefile. If only 18 | # "include" was used, the make command would fail and refuse 19 | # to run a target until the include commands succeeded. 20 | -include build/makelib/common.mk 21 | 22 | # ==================================================================================== 23 | # Setup Output 24 | 25 | -include build/makelib/output.mk 26 | 27 | # ==================================================================================== 28 | # Setup Go 29 | 30 | # Set a sane default so that the nprocs calculation below is less noisy on the initial 31 | # loading of this file 32 | NPROCS ?= 1 33 | 34 | # each of our test suites starts a kube-apiserver and running many test suites in 35 | # parallel can lead to high CPU utilization. by default we reduce the parallelism 36 | # to half the number of CPU cores. 
37 | GO_TEST_PARALLEL := $(shell echo $$(( $(NPROCS) / 2 ))) 38 | 39 | GO_STATIC_PACKAGES = $(GO_PROJECT)/cmd/provider 40 | GO_LDFLAGS += -X $(GO_PROJECT)/internal/version.Version=$(VERSION) 41 | GO_SUBDIRS += cmd internal apis 42 | GO111MODULE = on 43 | -include build/makelib/golang.mk 44 | 45 | # ==================================================================================== 46 | # Setup Kubernetes tools 47 | 48 | -include build/makelib/k8s_tools.mk 49 | 50 | # ==================================================================================== 51 | # Setup Images 52 | 53 | REGISTRY_ORGS ?= docker.io/crossplane 54 | IMAGES = provider-jet-vault provider-jet-vault-controller 55 | -include build/makelib/imagelight.mk 56 | 57 | # ==================================================================================== 58 | # Fallthrough 59 | 60 | # run `make help` to see the targets and options 61 | 62 | # We want submodules to be set up the first time `make` is run. 63 | # We manage the build/ folder and its Makefiles as a submodule. 64 | # The first time `make` is run, the includes of build/*.mk files will 65 | # all fail, and this target will be run. The next time, the default as defined 66 | # by the includes will be run instead. 67 | fallthrough: submodules 68 | @echo Initial setup complete. Running make again . . . 
69 | @make 70 | 71 | # ==================================================================================== 72 | # Setup Terraform for fetching provider schema 73 | TERRAFORM := $(TOOLS_HOST_DIR)/terraform-$(TERRAFORM_VERSION) 74 | TERRAFORM_WORKDIR := $(WORK_DIR)/terraform 75 | TERRAFORM_PROVIDER_SCHEMA := config/schema.json 76 | 77 | $(TERRAFORM): 78 | @$(INFO) installing terraform $(HOSTOS)-$(HOSTARCH) 79 | @mkdir -p $(TOOLS_HOST_DIR)/tmp-terraform 80 | @curl -fsSL https://releases.hashicorp.com/terraform/$(TERRAFORM_VERSION)/terraform_$(TERRAFORM_VERSION)_$(SAFEHOST_PLATFORM).zip -o $(TOOLS_HOST_DIR)/tmp-terraform/terraform.zip 81 | @unzip $(TOOLS_HOST_DIR)/tmp-terraform/terraform.zip -d $(TOOLS_HOST_DIR)/tmp-terraform 82 | @mv $(TOOLS_HOST_DIR)/tmp-terraform/terraform $(TERRAFORM) 83 | @rm -fr $(TOOLS_HOST_DIR)/tmp-terraform 84 | @$(OK) installing terraform $(HOSTOS)-$(HOSTARCH) 85 | 86 | $(TERRAFORM_PROVIDER_SCHEMA): $(TERRAFORM) 87 | @$(INFO) generating provider schema for $(TERRAFORM_PROVIDER_SOURCE) $(TERRAFORM_PROVIDER_VERSION) 88 | @mkdir -p $(TERRAFORM_WORKDIR) 89 | @echo '{"terraform":[{"required_providers":[{"provider":{"source":"'"$(TERRAFORM_PROVIDER_SOURCE)"'","version":"'"$(TERRAFORM_PROVIDER_VERSION)"'"}}],"required_version":"'"$(TERRAFORM_VERSION)"'"}]}' > $(TERRAFORM_WORKDIR)/main.tf.json 90 | @$(TERRAFORM) -chdir=$(TERRAFORM_WORKDIR) init > $(TERRAFORM_WORKDIR)/terraform-logs.txt 2>&1 91 | @$(TERRAFORM) -chdir=$(TERRAFORM_WORKDIR) providers schema -json=true > $(TERRAFORM_PROVIDER_SCHEMA) 2>> $(TERRAFORM_WORKDIR)/terraform-logs.txt 92 | @$(OK) generating provider schema for $(TERRAFORM_PROVIDER_SOURCE) $(TERRAFORM_PROVIDER_VERSION) 93 | 94 | generate.init: $(TERRAFORM_PROVIDER_SCHEMA) 95 | 96 | .PHONY: $(TERRAFORM_PROVIDER_SCHEMA) 97 | # ==================================================================================== 98 | # Targets 99 | 100 | # NOTE: the build submodule currently overrides XDG_CACHE_HOME in order to 101 | # force the Helm 
# 3 to use the .work/helm directory. This causes Go on Linux
# machines to use that directory as the build cache as well. We should adjust
# this behavior in the build submodule because it is also causing Linux users
# to duplicate their build cache, but for now we just make it easier to identify
# its location in CI so that we cache between builds.
go.cachedir:
	@go env GOCACHE

# Generate a coverage report for cobertura, excluding generated files (any path
# containing zz_) from the input.
cobertura:
	@cat $(GO_TEST_OUTPUT)/coverage.txt | \
		grep -v zz_ | \
		$(GOCOVER_COBERTURA) > $(GO_TEST_OUTPUT)/cobertura-coverage.xml

# Update the submodules, such as the common build scripts.
# NOTE(review): build/ is -included into this Makefile, so the commit the
# submodule is pinned at decides which recipes run with the developer's or CI's
# privileges; treat bumps of that pin as a dependency update and review them.
submodules:
	@git submodule sync
	@git submodule update --init --recursive

# This is for running out-of-cluster locally, and is for convenience. Running
# this make target will print out the command which was used. For more control,
# try running the binary directly with different arguments.
# The freshly built binary is started with --debug only; any other flag has to
# be passed by invoking the binary yourself (see its --help).
run: go.build
	@$(INFO) Running Crossplane locally out-of-cluster . . .
	@# To see other arguments that can be provided, run the command with --help instead
	$(GO_OUT_DIR)/provider --debug

.PHONY: cobertura submodules fallthrough run crds.clean

# ====================================================================================
# Special Targets

define CROSSPLANE_MAKE_HELP
Crossplane Targets:
    cobertura        Generate a coverage report for cobertura applying exclusions on generated files.
    submodules       Update the submodules, such as the common build scripts.
    run              Run crossplane locally, out-of-cluster. Useful for development.
139 | 140 | endef 141 | # The reason CROSSPLANE_MAKE_HELP is used instead of CROSSPLANE_HELP is because the crossplane 142 | # binary will try to use CROSSPLANE_HELP if it is set, and this is for something different. 143 | export CROSSPLANE_MAKE_HELP 144 | 145 | crossplane.help: 146 | @echo "$$CROSSPLANE_MAKE_HELP" 147 | 148 | help-special: crossplane.help 149 | 150 | .PHONY: crossplane.help help-special -------------------------------------------------------------------------------- /.golangci.yml: -------------------------------------------------------------------------------- 1 | run: 2 | deadline: 10m 3 | 4 | skip-files: 5 | - "zz_\\..+\\.go$" 6 | 7 | output: 8 | # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number" 9 | format: colored-line-number 10 | 11 | linters-settings: 12 | errcheck: 13 | # report about not checking of errors in type assetions: `a := b.(MyStruct)`; 14 | # default is false: such cases aren't reported by default. 15 | check-type-assertions: false 16 | 17 | # report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`; 18 | # default is false: such cases aren't reported by default. 19 | check-blank: false 20 | 21 | # [deprecated] comma-separated list of pairs of the form pkg:regex 22 | # the regex is used to ignore names within pkg. (default "fmt:.*"). 
23 | # see https://github.com/kisielk/errcheck#the-deprecated-method for details 24 | ignore: fmt:.*,io/ioutil:^Read.* 25 | 26 | govet: 27 | # report about shadowed variables 28 | check-shadowing: false 29 | 30 | golint: 31 | # minimal confidence for issues, default is 0.8 32 | min-confidence: 0.8 33 | 34 | gofmt: 35 | # simplify code: gofmt with `-s` option, true by default 36 | simplify: true 37 | 38 | goimports: 39 | # put imports beginning with prefix after 3rd-party packages; 40 | # it's a comma-separated list of prefixes 41 | local-prefixes: github.com/crossplane-contrib/provider-jet-template 42 | 43 | gocyclo: 44 | # minimal code complexity to report, 30 by default (but we recommend 10-20) 45 | min-complexity: 10 46 | 47 | maligned: 48 | # print struct with more effective memory layout or not, false by default 49 | suggest-new: true 50 | 51 | dupl: 52 | # tokens count to trigger issue, 150 by default 53 | threshold: 100 54 | 55 | goconst: 56 | # minimal length of string constant, 3 by default 57 | min-len: 3 58 | # minimal occurrences count to trigger, 3 by default 59 | min-occurrences: 5 60 | 61 | lll: 62 | # tab width in spaces. Default to 1. 63 | tab-width: 1 64 | 65 | unused: 66 | # treat code as a program (not a library) and report unused exported identifiers; default is false. 67 | # XXX: if you enable this setting, unused will report a lot of false-positives in text editors: 68 | # if it's called for subdir of a project it can't find funcs usages. All text editor integrations 69 | # with golangci-lint call it on a directory with the changed file. 70 | check-exported: false 71 | 72 | unparam: 73 | # Inspect exported functions, default is false. Set to true if no external program/library imports your code. 74 | # XXX: if you enable this setting, unparam will report a lot of false-positives in text editors: 75 | # if it's called for subdir of a project it can't find external interfaces. 
All text editor integrations 76 | # with golangci-lint call it on a directory with the changed file. 77 | check-exported: false 78 | 79 | nakedret: 80 | # make an issue if func has more lines of code than this setting and it has naked returns; default is 30 81 | max-func-lines: 30 82 | 83 | prealloc: 84 | # XXX: we don't recommend using this linter before doing performance profiling. 85 | # For most programs usage of prealloc will be a premature optimization. 86 | 87 | # Report preallocation suggestions only on simple loops that have no returns/breaks/continues/gotos in them. 88 | # True by default. 89 | simple: true 90 | range-loops: true # Report preallocation suggestions on range loops, true by default 91 | for-loops: false # Report preallocation suggestions on for loops, false by default 92 | 93 | gocritic: 94 | # Enable multiple checks by tags, run `GL_DEBUG=gocritic golangci-lint` run to see all tags and checks. 95 | # Empty list by default. See https://github.com/go-critic/go-critic#usage -> section "Tags". 96 | enabled-tags: 97 | - performance 98 | 99 | settings: # settings passed to gocritic 100 | captLocal: # must be valid enabled check name 101 | paramsOnly: true 102 | rangeValCopy: 103 | sizeThreshold: 32 104 | 105 | linters: 106 | enable: 107 | - megacheck 108 | - govet 109 | - gocyclo 110 | - gocritic 111 | - interfacer 112 | - goconst 113 | - goimports 114 | - gofmt # We enable this as well as goimports for its simplify mode. 115 | - prealloc 116 | - golint 117 | - unconvert 118 | - misspell 119 | - nakedret 120 | 121 | presets: 122 | - bugs 123 | - unused 124 | fast: false 125 | 126 | 127 | issues: 128 | # Excluding configuration per-path and per-linter 129 | exclude-rules: 130 | # Exclude some linters from running on tests files. 131 | - path: _test(ing)?\.go 132 | linters: 133 | - gocyclo 134 | - errcheck 135 | - dupl 136 | - gosec 137 | - scopelint 138 | - unparam 139 | 140 | # Ease some gocritic warnings on test files. 
141 | - path: _test\.go 142 | text: "(unnamedResult|exitAfterDefer)" 143 | linters: 144 | - gocritic 145 | 146 | # These are performance optimisations rather than style issues per se. 147 | # They warn when function arguments or range values copy a lot of memory 148 | # rather than using a pointer. 149 | - text: "(hugeParam|rangeValCopy):" 150 | linters: 151 | - gocritic 152 | 153 | # This "TestMain should call os.Exit to set exit code" warning is not clever 154 | # enough to notice that we call a helper method that calls os.Exit. 155 | - text: "SA3000:" 156 | linters: 157 | - staticcheck 158 | 159 | - text: "k8s.io/api/core/v1" 160 | linters: 161 | - goimports 162 | 163 | # This is a "potential hardcoded credentials" warning. It's triggered by 164 | # any variable with 'secret' in the same, and thus hits a lot of false 165 | # positives in Kubernetes land where a Secret is an object type. 166 | - text: "G101:" 167 | linters: 168 | - gosec 169 | - gas 170 | 171 | # This is an 'errors unhandled' warning that duplicates errcheck. 172 | - text: "G104:" 173 | linters: 174 | - gosec 175 | - gas 176 | 177 | # Independently from option `exclude` we use default exclude patterns, 178 | # it can be disabled by this option. To list all 179 | # excluded by default patterns execute `golangci-lint run --help`. 180 | # Default value for this option is true. 181 | exclude-use-default: false 182 | 183 | # Show only new issues: if there are unstaged changes or untracked files, 184 | # only those changes are analyzed, else only changes in HEAD~ are analyzed. 185 | # It's a super-useful option for integration of golangci-lint into existing 186 | # large codebase. It's not practical to fix all existing issues at the moment 187 | # of integration: much better don't allow issues in new code. 188 | # Default is false. 189 | new: false 190 | 191 | # Maximum issues count per one linter. Set to 0 to disable. Default is 50. 
192 | max-per-linter: 0 193 | 194 | # Maximum count of issues with the same text. Set to 0 to disable. Default is 3. 195 | max-same-issues: 0 196 | -------------------------------------------------------------------------------- /package/crds/generic.vault.jet.crossplane.io_secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | controller-gen.kubebuilder.io/version: v0.8.0 7 | creationTimestamp: null 8 | name: secrets.generic.vault.jet.crossplane.io 9 | spec: 10 | group: generic.vault.jet.crossplane.io 11 | names: 12 | categories: 13 | - crossplane 14 | - managed 15 | - vaultjet 16 | kind: Secret 17 | listKind: SecretList 18 | plural: secrets 19 | singular: secret 20 | scope: Cluster 21 | versions: 22 | - additionalPrinterColumns: 23 | - jsonPath: .status.conditions[?(@.type=='Ready')].status 24 | name: READY 25 | type: string 26 | - jsonPath: .status.conditions[?(@.type=='Synced')].status 27 | name: SYNCED 28 | type: string 29 | - jsonPath: .metadata.annotations.crossplane\.io/external-name 30 | name: EXTERNAL-NAME 31 | type: string 32 | - jsonPath: .metadata.creationTimestamp 33 | name: AGE 34 | type: date 35 | name: v1alpha1 36 | schema: 37 | openAPIV3Schema: 38 | description: Secret is the Schema for the Secrets API 39 | properties: 40 | apiVersion: 41 | description: 'APIVersion defines the versioned schema of this representation 42 | of an object. Servers should convert recognized schemas to the latest 43 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 44 | type: string 45 | kind: 46 | description: 'Kind is a string value representing the REST resource this 47 | object represents. Servers may infer this from the endpoint the client 48 | submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 49 | type: string 50 | metadata: 51 | type: object 52 | spec: 53 | description: SecretSpec defines the desired state of Secret 54 | properties: 55 | deletionPolicy: 56 | default: Delete 57 | description: DeletionPolicy specifies what will happen to the underlying 58 | external when this managed resource is deleted - either "Delete" 59 | or "Orphan" the external resource. 60 | enum: 61 | - Orphan 62 | - Delete 63 | type: string 64 | forProvider: 65 | properties: 66 | dataJsonSecretRef: 67 | description: JSON-encoded secret data to write. 68 | properties: 69 | key: 70 | description: The key to select. 71 | type: string 72 | name: 73 | description: Name of the secret. 74 | type: string 75 | namespace: 76 | description: Namespace of the secret. 77 | type: string 78 | required: 79 | - key 80 | - name 81 | - namespace 82 | type: object 83 | deleteAllVersions: 84 | description: Only applicable for kv-v2 stores. If set, permanently 85 | deletes all versions for the specified key. 86 | type: boolean 87 | disableRead: 88 | description: Don't attempt to read the token from Vault if true; 89 | drift won't be detected. 90 | type: boolean 91 | path: 92 | description: Full path where the generic secret will be written. 93 | type: string 94 | required: 95 | - dataJsonSecretRef 96 | - path 97 | type: object 98 | providerConfigRef: 99 | default: 100 | name: default 101 | description: ProviderConfigReference specifies how the provider that 102 | will be used to create, observe, update, and delete this managed 103 | resource should be configured. 104 | properties: 105 | name: 106 | description: Name of the referenced object. 107 | type: string 108 | required: 109 | - name 110 | type: object 111 | providerRef: 112 | description: 'ProviderReference specifies the provider that will be 113 | used to create, observe, update, and delete this managed resource. 
114 | Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' 115 | properties: 116 | name: 117 | description: Name of the referenced object. 118 | type: string 119 | required: 120 | - name 121 | type: object 122 | writeConnectionSecretToRef: 123 | description: WriteConnectionSecretToReference specifies the namespace 124 | and name of a Secret to which any connection details for this managed 125 | resource should be written. Connection details frequently include 126 | the endpoint, username, and password required to connect to the 127 | managed resource. 128 | properties: 129 | name: 130 | description: Name of the secret. 131 | type: string 132 | namespace: 133 | description: Namespace of the secret. 134 | type: string 135 | required: 136 | - name 137 | - namespace 138 | type: object 139 | required: 140 | - forProvider 141 | type: object 142 | status: 143 | description: SecretStatus defines the observed state of Secret. 144 | properties: 145 | atProvider: 146 | properties: 147 | id: 148 | type: string 149 | type: object 150 | conditions: 151 | description: Conditions of the resource. 152 | items: 153 | description: A Condition that may apply to a resource. 154 | properties: 155 | lastTransitionTime: 156 | description: LastTransitionTime is the last time this condition 157 | transitioned from one status to another. 158 | format: date-time 159 | type: string 160 | message: 161 | description: A Message containing details about this condition's 162 | last transition from one status to another, if any. 163 | type: string 164 | reason: 165 | description: A Reason for this condition's last transition from 166 | one status to another. 167 | type: string 168 | status: 169 | description: Status of this condition; is it currently True, 170 | False, or Unknown? 171 | type: string 172 | type: 173 | description: Type of this condition. At most one of each condition 174 | type may apply to a resource at any point in time. 
175 | type: string 176 | required: 177 | - lastTransitionTime 178 | - reason 179 | - status 180 | - type 181 | type: object 182 | type: array 183 | type: object 184 | required: 185 | - spec 186 | type: object 187 | served: true 188 | storage: true 189 | subresources: 190 | status: {} 191 | status: 192 | acceptedNames: 193 | kind: "" 194 | plural: "" 195 | conditions: [] 196 | storedVersions: [] 197 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: CI 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | - release-* 8 | pull_request: {} 9 | workflow_dispatch: {} 10 | 11 | env: 12 | # Common versions 13 | GO_VERSION: '1.17' 14 | GOLANGCI_VERSION: 'v1.31' 15 | DOCKER_BUILDX_VERSION: 'v0.4.2' 16 | 17 | # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run 18 | # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether 19 | # credentials have been provided before trying to run steps that need them. 
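# ci.yml (continued): the last two workflow-level env entries, then the jobs map.
# NOTE(review): the workflow header (triggers, any top-level `permissions:`) is
# outside this excerpt. If no `permissions:` block is set, GITHUB_TOKEN carries
# the repository default scope, which is wider than these jobs need
# (`contents: read` is enough for everything but the publish steps).
  DOCKER_USR: ${{ secrets.DOCKER_USR }}
  AWS_USR: ${{ secrets.AWS_USR }}

jobs:
  # Gate for every other job: the run is skipped when only docs/images changed.
  detect-noop:
    # NOTE(review): GitHub has retired the ubuntu-18.04 hosted runner label;
    # every job below needs to move to a supported image (ubuntu-22.04 or later).
    runs-on: ubuntu-18.04
    outputs:
      noop: ${{ steps.noop.outputs.should_skip }}
    steps:
      - name: Detect No-op Changes
        id: noop
        # Supply chain: a third-party action pinned by a mutable tag and handed
        # GITHUB_TOKEN. Pin it to a full commit SHA (e.g.
        # `fkirc/skip-duplicate-actions@<40-hex-commit-sha> # v2.0.0`) so a
        # moved tag cannot change the code that receives the token.
        uses: fkirc/skip-duplicate-actions@v2.0.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          paths_ignore: '["**.md", "**.png", "**.jpg"]'
          do_not_skip: '["workflow_dispatch", "schedule", "push"]'

  lint:
    runs-on: ubuntu-18.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          submodules: true

      - name: Find the Go Build Cache
        id: go
        # `::set-output` is deprecated; the step output is written through the
        # GITHUB_OUTPUT file instead. Readers (`steps.go.outputs.cache`) are
        # unchanged. Same change applied in every job below.
        run: echo "cache=$(make go.cachedir)" >> "$GITHUB_OUTPUT"

      - name: Cache the Go Build Cache
        uses: actions/cache@v2
        with:
          path: ${{ steps.go.outputs.cache }}
          key: ${{ runner.os }}-build-lint-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-lint-

      - name: Cache Go Dependencies
        uses: actions/cache@v2
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-

      # vendor.check fails the job if the vendored tree drifts from go.mod/go.sum,
      # so the linted code is exactly the pinned dependency set.
      - name: Vendor Dependencies
        run: make vendor vendor.check

      # Go version coming with golangci-lint-action may not be our desired
      # go version. We deploy our desired go version and then skip go
      # installation in golangci-lint-action in the next step as suggested
      # in https://github.com/golangci/golangci-lint-action/issues/183
      - uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}
      # We could run 'make lint' to ensure our desired Go version, but we
      # prefer this action because it leaves 'annotations' (i.e. it comments
      # on PRs to point out linter violations).
      - name: Lint
        uses: golangci/golangci-lint-action@v2
        with:
          version: ${{ env.GOLANGCI_VERSION }}
          skip-go-installation: true
          args: --timeout 10m0s

  check-diff:
    runs-on: ubuntu-18.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          submodules: true

      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      # No @version suffix: in module mode this resolves through the repo's
      # go.mod/go.sum, so the tool is version-pinned there — presumably; confirm
      # golang.org/x/tools is a listed requirement.
      - name: Install goimports
        run: go install golang.org/x/tools/cmd/goimports

      - name: Find the Go Build Cache
        id: go
        run: echo "cache=$(make go.cachedir)" >> "$GITHUB_OUTPUT"

      - name: Cache the Go Build Cache
        uses: actions/cache@v2
        with:
          path: ${{ steps.go.outputs.cache }}
          key: ${{ runner.os }}-build-check-diff-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-check-diff-

      - name: Cache Go Dependencies
        uses: actions/cache@v2
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-

      - name: Vendor Dependencies
        run: make vendor vendor.check

      - name: Check Diff
        run: make check-diff

  unit-tests:
    runs-on: ubuntu-18.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          submodules: true

      - name: Fetch History
        run: git fetch --prune --unshallow

      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Find the Go Build Cache
        id: go
        run: echo "cache=$(make go.cachedir)" >> "$GITHUB_OUTPUT"

      - name: Cache the Go Build Cache
        uses: actions/cache@v2
        with:
          path: ${{ steps.go.outputs.cache }}
          key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-unit-tests-

      - name: Cache Go Dependencies
        uses: actions/cache@v2
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-

      - name: Vendor Dependencies
        run: make vendor vendor.check

      - name: Run Unit Tests
        run: make -j2 test

      # Supply chain: v1 of this action wraps the Codecov bash uploader script
      # (the component behind the 2021 Codecov incident); later majors ship the
      # CLI uploader. Bump the major and pin to a commit SHA rather than a tag.
      - name: Publish Unit Test Coverage
        uses: codecov/codecov-action@v1
        with:
          flags: unittests
          file: _output/tests/linux_amd64/coverage.txt

  e2e-tests:
    runs-on: ubuntu-18.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Setup QEMU
        uses: docker/setup-qemu-action@v1
        with:
          platforms: all

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v1
        with:
          version: ${{ env.DOCKER_BUILDX_VERSION }}
          install: true

      - name: Checkout
        uses: actions/checkout@v2
        with:
          submodules: true

      - name: Fetch History
        run: git fetch --prune --unshallow

      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Find the Go Build Cache
        id: go
        run: echo "cache=$(make go.cachedir)" >> "$GITHUB_OUTPUT"

      - name: Cache the Go Build Cache
        uses: actions/cache@v2
        with:
          path: ${{ steps.go.outputs.cache }}
          key: ${{ runner.os }}-build-e2e-tests-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-e2e-tests-

      - name: Cache Go Dependencies
        uses: actions/cache@v2
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          # Block scalar here, plain scalar in the other jobs; same single key.
          restore-keys: |
            ${{ runner.os }}-pkg-

      - name: Vendor Dependencies
        run: make vendor vendor.check

      - name: Build Helm Chart
        run: make -j2 build
        env:
          # We're using docker buildx, which doesn't actually load the images it
          # builds by default. Specifying --load does so.
          BUILD_ARGS: "--load"

      - name: Run E2E Tests
        run: make e2e USE_HELM3=true

  publish-artifacts:
    runs-on: ubuntu-18.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Setup QEMU
        uses: docker/setup-qemu-action@v1
        with:
          platforms: all

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v1
        with:
          version: ${{ env.DOCKER_BUILDX_VERSION }}
          install: true

      - name: Checkout
        uses: actions/checkout@v2
        with:
          submodules: true

      - name: Fetch History
        run: git fetch --prune --unshallow

      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Find the Go Build Cache
        id: go
        run: echo "cache=$(make go.cachedir)" >> "$GITHUB_OUTPUT"

      - name: Cache the Go Build Cache
        uses: actions/cache@v2
        with:
          path: ${{ steps.go.outputs.cache }}
          key: ${{ runner.os }}-build-publish-artifacts-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-publish-artifacts-

      - name: Cache Go Dependencies
        uses: actions/cache@v2
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-

      - name: Vendor Dependencies
        run: make vendor vendor.check

      - name: Build Artifacts
        run: make -j2 build.all
        env:
          # We're using docker buildx, which doesn't actually load the images it
          # builds by default. Specifying --load does so.
          BUILD_ARGS: "--load"

      # The whole _output tree becomes a downloadable artifact (readable by
      # anyone with read access to the repository), so nothing secret may be
      # written under _output by the build — TODO confirm against the Makefile.
      - name: Publish Artifacts to GitHub
        uses: actions/upload-artifact@v2
        with:
          name: output
          path: _output/**

      # DOCKER_USR is empty when secrets are unavailable (e.g. fork PRs), so
      # the login and both publish steps are no-ops there.
      - name: Login to Docker
        uses: docker/login-action@v1
        if: env.DOCKER_USR != ''
        with:
          username: ${{ secrets.DOCKER_USR }}
          password: ${{ secrets.DOCKER_PSW }}

      # GITHUB_REF is read as a shell variable rather than inlined with ${{ }},
      # so the ref name is never spliced into the command line unescaped; keep
      # it that way if this line is edited.
      - name: Publish Artifacts to S3 and Docker Hub
        run: make -j2 publish BRANCH_NAME=${GITHUB_REF##*/}
        if: env.AWS_USR != '' && env.DOCKER_USR != ''
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }}
          # Handed to `make publish` as an API token; scope it with a
          # workflow-level `permissions:` block rather than the default.
          GIT_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Promotion only from the main branch, and only when both credential
      # sets are present.
      - name: Promote Artifacts in S3 and Docker Hub
        if: github.ref == 'refs/heads/main' && env.AWS_USR != '' && env.DOCKER_USR != ''
        run: make -j2 promote
        env:
          BRANCH_NAME: main
          CHANNEL: main
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }}

-------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity.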
For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2016 The Crossplane Authors. All rights reserved. 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. --------------------------------------------------------------------------------