Switch to envRefs model

pulumi · Mar 25, 2021 · 3e08c23 · 3e08c23
1 parent 4d841bc
commit 3e08c23
Show file tree

Hide file tree

Showing 6 changed files with 374 additions and 61 deletions.
diff --git a/deploy/crds/pulumi.com_stacks.yaml b/deploy/crds/pulumi.com_stacks.yaml
@@ -52,18 +52,68 @@ spec:
             destroyOnFinalize:
               description: (optional) DestroyOnFinalize can be set to true to destroy the stack completely upon deletion of the CRD.
               type: boolean
+            envRefs:
+              additionalProperties:
+                description: ResourceRef identifies a resource from which information can be loaded.
+                properties:
+                  env:
+                    description: EnvSelector identifies the environment variable to load information from.
+                    properties:
+                      name:
+                        description: Name of the environment variable
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  filesystem:
+                    description: FSSelector identifies the path to load information from.
+                    properties:
+                      path:
+                        description: Path on the filesystem to use to load information from.
+                        type: string
+                    required:
+                    - path
+                    type: object
+                  literal:
+                    description: LiteralRef identifies a literal value to load.
+                    properties:
+                      value:
+                        description: Value to load
+                        type: string
+                    required:
+                    - value
+                    type: object
+                  secret:
+                    description: SecretSelector identifies the information to load from a Kubernetes secret.
+                    properties:
+                      key:
+                        description: Key within the secret to use.
+                        type: string
+                      name:
+                        description: Name of the secret
+                        type: string
+                      namespace:
+                        description: Namespace where the secret is stored. Defaults to 'default' if omitted.
+                        type: string
+                    required:
+                    - key
+                    - name
+                    type: object
+                  type:
+                    description: 'SelectorType is required and signifies the type of selector. Must be one of: Env, FS, Secret, Literal'
+                    type: string
+                required:
+                - type
+                type: object
+              description: (optional) EnvRefs is an optional map containing environment variables as keys and stores descriptors to where the variables' values should be loaded from (one of literal, environment variable, file on the filesystem, or Kubernetes secret) as values.
+              type: object
             envSecrets:
-              description: (optional) SecretEnvs is an optional array of secret names containing environment variables to set.
+              description: '(optional) SecretEnvs is an optional array of secret names containing environment variables to set. Deprecated: use EnvRefs instead.'
               items:
                 type: string
               type: array
-            envSecretsFromPath:
-              additionalProperties:
-                type: string
-              description: (optional) SecretEnvsFromPath is an optional map of environment variables whose values are secrets read from paths on the filesystem. The paths could be injected through Kubernetes secret volume mounts, CSI drivers, etc. This is an alternative to passing secret environment variables to the stack through SecretEnvs which doesn't directly depend on Kubernetes Secrets.
-              type: object
             envs:
-              description: (optional) Envs is an optional array of config maps containing environment variables to set.
+              description: '(optional) Envs is an optional array of config maps containing environment variables to set. Deprecated: use EnvRefs instead.'
               items:
                 type: string
               type: array

diff --git a/pkg/apis/pulumi/v1alpha1/stack_types.go b/pkg/apis/pulumi/v1alpha1/stack_types.go
@@ -16,15 +16,20 @@ type StackSpec struct {
 	// Deprecated: use SecretEnvsFromPath with PULUMI_ACCESS_TOKEN as key or SecretEnvs with a secret entry key
 	// PULUMI_ACCESS_KEY instead.
 	AccessTokenSecret string `json:"accessTokenSecret,omitempty"`
+
 	// (optional) Envs is an optional array of config maps containing environment variables to set.
+	// Deprecated: use EnvRefs instead.
 	Envs []string `json:"envs,omitempty"`
+
+	// (optional) EnvRefs is an optional map containing environment variables as keys and stores descriptors to where
+	// the variables' values should be loaded from (one of literal, environment variable, file on the
+	// filesystem, or Kubernetes secret) as values.
+	EnvRefs map[string]ResourceRef `json:"envRefs,omitempty"`
+
 	// (optional) SecretEnvs is an optional array of secret names containing environment variables to set.
+	// Deprecated: use EnvRefs instead.
 	SecretEnvs []string `json:"envSecrets,omitempty"`
-	// (optional) SecretEnvsFromPath is an optional map of environment variables whose values are secrets
-	// read from paths on the filesystem. The paths could be injected through Kubernetes secret volume mounts,
-	// CSI drivers, etc. This is an alternative to passing secret environment variables to the stack through
-	// SecretEnvs which doesn't directly depend on Kubernetes Secrets.
-	SecretEnvsFromPath map[string]string `json:"envSecretsFromPath,omitempty"`
+
 	// (optional) Backend is an optional backend URL to use for all Pulumi operations.
 	// Examples:
 	//   - Pulumi Service:              "https://app.pulumi.com" (default)
@@ -98,6 +103,113 @@ type StackSpec struct {
 	RetryOnUpdateConflict bool `json:"retryOnUpdateConflict,omitempty"`
 }
 
+// ResourceRef identifies a resource from which information can be loaded.
+type ResourceRef struct {
+	// SelectorType is required and signifies the type of selector. Must be one of:
+	// Env, FS, Secret, Literal
+	SelectorType     ResourceSelectorType `json:"type"`
+	ResourceSelector `json:",inline"`
+}
+
+// NewEnvResourceRef creates a new environment variable resource ref.
+func NewEnvResourceRef(envVarName string) ResourceRef {
+	return ResourceRef{
+		SelectorType: ResourceSelectorEnv,
+		ResourceSelector: ResourceSelector{
+			Env: &EnvSelector{
+				Name: envVarName,
+			},
+		},
+	}
+}
+
+// NewFileSystemResourceRef creates a new file system resource ref.
+func NewFileSystemResourceRef(path string) ResourceRef {
+	return ResourceRef{
+		SelectorType: ResourceSelectorFS,
+		ResourceSelector: ResourceSelector{
+			FileSystem: &FSSelector{
+				Path: path,
+			},
+		},
+	}
+}
+
+// NewSecretResourceRef creates a new secret resource ref.
+func NewSecretResourceRef(namespace, name, key string) ResourceRef {
+	return ResourceRef{
+		SelectorType: ResourceSelectorSecret,
+		ResourceSelector: ResourceSelector{
+			SecretRef: &SecretSelector{
+				Namespace: namespace,
+				Name:      name,
+				Key:       key,
+			},
+		},
+	}
+}
+
+// NewLiteralResourceRef creates a new literal resource ref.
+func NewLiteralResourceRef(value string) ResourceRef {
+	return ResourceRef{
+		SelectorType: ResourceSelectorLiteral,
+		ResourceSelector: ResourceSelector{
+			LiteralRef: &LiteralRef{
+				Value: value,
+			},
+		},
+	}
+}
+
+// ResourceSelectorType identifies the type of the resource reference in
+type ResourceSelectorType string
+
+const (
+	// ResourceSelectorEnv indicates the resource is an environment variable
+	ResourceSelectorEnv = ResourceSelectorType("Env")
+	// ResourceSelectorFS indicates the resource is on the filesystem
+	ResourceSelectorFS = ResourceSelectorType("FS")
+	// ResourceSelectorSecret indicates the resource is a Kubernetes secret
+	ResourceSelectorSecret = ResourceSelectorType("Secret")
+	// ResourceSelectorLiteral indicates the resource is a literal
+	ResourceSelectorLiteral = ResourceSelectorType("Literal")
+)
+
+type ResourceSelector struct {
+	FileSystem *FSSelector     `json:"filesystem,omitempty"`
+	Env        *EnvSelector    `json:"env,omitempty"`
+	SecretRef  *SecretSelector `json:"secret,omitempty"`
+	LiteralRef *LiteralRef     `json:"literal,omitempty"`
+}
+
+// FSSelector identifies the path to load information from.
+type FSSelector struct {
+	// Path on the filesystem to use to load information from.
+	Path string `json:"path"`
+}
+
+// EnvSelector identifies the environment variable to load information from.
+type EnvSelector struct {
+	// Name of the environment variable
+	Name string `json:"name"`
+}
+
+// SecretSelector identifies the information to load from a Kubernetes secret.
+type SecretSelector struct {
+	// Namespace where the secret is stored. Defaults to 'default' if omitted.
+	Namespace string `json:"namespace,omitempty"`
+	// Name of the secret
+	Name string `json:"name"`
+	// Key within the secret to use.
+	Key string `json:"key"`
+}
+
+// LiteralRef identifies a literal value to load.
+type LiteralRef struct {
+	// Value to load
+	Value string `json:"value"`
+}
+
 // StackStatus defines the observed state of Stack
 type StackStatus struct {
 	// Outputs contains the exported stack output variables resulting from a deployment.

diff --git a/pkg/apis/pulumi/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/pulumi/v1alpha1/zz_generated.deepcopy.go