Marking passwords field of aws_elasticache_user as sensitive

Signed-off-by: Sergen Yalçın <[email protected]>
crossplane-contrib · Jan 11, 2022 · 6299bf3 · 6299bf3
1 parent fc54126
commit 6299bf3
Show file tree

Hide file tree

Showing 8 changed files with 56 additions and 15 deletions.
diff --git a/apis/elasticache/v1alpha2/zz_generated.deepcopy.go b/apis/elasticache/v1alpha2/zz_generated.deepcopy.go
diff --git a/apis/elasticache/v1alpha2/zz_user_terraformed.go b/apis/elasticache/v1alpha2/zz_user_terraformed.go
diff --git a/apis/elasticache/v1alpha2/zz_user_types.go b/apis/elasticache/v1alpha2/zz_user_types.go
diff --git a/config/elasticache/config.go b/config/elasticache/config.go
@@ -65,6 +65,9 @@ func Configure(p *config.Provider) {
 
 	p.AddResourceConfigurator("aws_elasticache_user", func(r *config.Resource) {
 		r.Version = common.VersionV1Alpha2
+		if s, ok := r.TerraformResource.Schema["passwords"]; ok {
+			s.Sensitive = true
+		}
 		r.ExternalName = config.ExternalName{
 			SetIdentifierArgumentFn: func(base map[string]interface{}, name string) {
 				base["user_id"] = name

diff --git a/examples/elasticache/user.yaml b/examples/elasticache/user.yaml
@@ -0,0 +1,20 @@
+apiVersion: elasticache.aws.jet.crossplane.io/v1alpha1
+kind: User
+metadata:
+  name: sample-user
+spec:
+  forProvider:
+    userName: "testUserName"
+    accessString: "on ~app::* -@all +@read +@hash +@bitmap +@geo -setbit -bitfield -hset -hsetnx -hmset -hincrby -hincrbyfloat -hdel -bitop -geoadd -georadius -georadiusbymember"
+    engine: "REDIS"
+    region: us-west-1
+    passwordsSecretRef:
+      - name: user-passwords
+        namespace: crossplane-system
+        key: pwd-1
+      - name: user-passwords
+        namespace: crossplane-system
+        key: pwd-2
+  writeConnectionSecretToRef:
+    name: user-conn
+    namespace: default
diff --git a/go.mod b/go.mod
@@ -20,3 +20,7 @@ require (
 )
 
 replace github.com/hashicorp/terraform-plugin-sdk/v2 => github.com/gdavison/terraform-plugin-sdk/v2 v2.0.2-0.20210714181518-b5a3dc95a675
+
+// This PR depends on the following one -> https://github.com/crossplane/terrajet/pull/197
+// Until merge the dependent PR, the temporary replace command was added.
+replace github.com/crossplane/terrajet => github.com/sergenyalcin/terrajet v0.1.1-0.20220111113702-bce950cd8f45
diff --git a/go.sum b/go.sum
@@ -189,8 +189,6 @@ github.com/crossplane/crossplane-tools v0.0.0-20210916125540-071de511ae8e h1:7UM
 github.com/crossplane/crossplane-tools v0.0.0-20210916125540-071de511ae8e/go.mod h1:3GzY5sP0PVePArghBh5K4fGzS/3kM0R/NAZn5s7LXqw=
 github.com/crossplane/provider-aws v0.19.0 h1:pfjxtuj0ZEllzBnyA7X2MgM62EqSwKCdBwIHPsbPEBM=
 github.com/crossplane/provider-aws v0.19.0/go.mod h1:ntcIkyfgz/y+WgfBmse05S6RnCxK4cmhhtI8a7IzySs=
-github.com/crossplane/terrajet v0.3.1 h1:mFfiocxOIVWTN+ujjOCV0sd0/r7bQY5LG292HTlCAvM=
-github.com/crossplane/terrajet v0.3.1/go.mod h1:fFjGal+3iF/D3XaxuTHw0xNHO+UslVhxNkNZITDXz44=
 github.com/dave/jennifer v1.3.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg=
 github.com/dave/jennifer v1.4.1 h1:XyqG6cn5RQsTj3qlWQTKlRGAyrTcsk1kUmWdZBzRjDw=
 github.com/dave/jennifer v1.4.1/go.mod h1:7jEdnm+qBcxl8PC0zyp7vxcpSRnzXSt9r39tpTVGlwA=
@@ -746,6 +744,8 @@ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4=
+github.com/sergenyalcin/terrajet v0.1.1-0.20220111113702-bce950cd8f45 h1:KILogY3W2HPWma47Aa9r4dub2HKJYc807Fmxp82F3XE=
+github.com/sergenyalcin/terrajet v0.1.1-0.20220111113702-bce950cd8f45/go.mod h1:fFjGal+3iF/D3XaxuTHw0xNHO+UslVhxNkNZITDXz44=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=

diff --git a/package/crds/elasticache.aws.jet.crossplane.io_users.yaml b/package/crds/elasticache.aws.jet.crossplane.io_users.yaml
@@ -70,9 +70,25 @@ spec:
                     type: string
                   noPasswordRequired:
                     type: boolean
-                  passwords:
+                  passwordsSecretRef:
                     items:
-                      type: string
+                      description: A SecretKeySelector is a reference to a secret
+                        key in an arbitrary namespace.
+                      properties:
+                        key:
+                          description: The key to select.
+                          type: string
+                        name:
+                          description: Name of the secret.
+                          type: string
+                        namespace:
+                          description: Namespace of the secret.
+                          type: string
+                      required:
+                      - key
+                      - name
+                      - namespace
+                      type: object
                     type: array
                   region:
                     description: Region is the region you'd like your resource to