Skip to content

Commit

Permalink
chore: make username and password required for CredentialBasicAuth
Browse files Browse the repository at this point in the history
  • Loading branch information
pmalek committed Sep 19, 2024
1 parent 090267a commit 0bf6bf1
Show file tree
Hide file tree
Showing 8 changed files with 78 additions and 81 deletions.
19 changes: 10 additions & 9 deletions api/configuration/v1alpha1/credential_basic_auth_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,8 @@ import (
// +kubebuilder:storageversion
// +kubebuilder:subresource:status
// +kubebuilder:printcolumn:name="Programmed",description="The Resource is Programmed on Konnect",type=string,JSONPath=`.status.conditions[?(@.type=='Programmed')].status`
// +kubebuilder:validation:XValidation:rule="!has(oldSelf.spec.consumerRef) || has(self.spec.consumerRef)", message="consumerRef is required once set"
// +kubebuilder:validation:XValidation:rule="(!self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : oldSelf.spec.consumerRef == self.spec.consumerRef", message="spec.consumerRef is immutable when an entity is already Programmed"
// +kubebuilder:validation:XValidation:rule="!has(oldSelf.spec.consumerRef) || has(self.spec.consumerRef)",message="consumerRef is required once set"
// +kubebuilder:validation:XValidation:rule="(!self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : oldSelf.spec.consumerRef == self.spec.consumerRef",message="spec.consumerRef is immutable when an entity is already Programmed"
type CredentialBasicAuth struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Expand Down Expand Up @@ -113,22 +113,23 @@ type CredentialBasicAuthSpec struct {
// +kubebuilder:validation:Required
ConsumerRef corev1.LocalObjectReference `json:"consumerRef"`

// SecretRef is a reference to a Secret this CredentialBasicAuth is associated with.
//
// +kubebuilder:validation:Required
SecretRef corev1.LocalObjectReference `json:"secretRef"`

CredentialBasicAuthAPISpec `json:",inline"`
}

// CredentialBasicAuthAPISpec defines specification of a BasicAuth credential.
type CredentialBasicAuthAPISpec struct {
// Password is the password for the BasicAuth credential.
Password *string `json:"password,omitempty"`
//
// +kubebuilder:validation:Required
Password string `json:"password"`

// Tags is a list of tags for the BasicAuth credential.
Tags []string `json:"tags,omitempty"`

// Username is the username for the BasicAuth credential.
Username *string `json:"username,omitempty"`
//
// +kubebuilder:validation:Required
Username string `json:"username"`
}

// CredentialBasicAuthStatus represents the current status of the BasicAuth credential resource.
Expand Down
11 changes: 0 additions & 11 deletions api/configuration/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
Expand Up @@ -63,21 +63,6 @@ spec:
password:
description: Password is the password for the BasicAuth credential.
type: string
secretRef:
description: SecretRef is a reference to a Secret this CredentialBasicAuth
is associated with.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
tags:
description: Tags is a list of tags for the BasicAuth credential.
items:
Expand All @@ -88,7 +73,8 @@ spec:
type: string
required:
- consumerRef
- secretRef
- password
- username
type: object
status:
default:
Expand Down
1 change: 0 additions & 1 deletion docs/api-reference.md
Original file line number Diff line number Diff line change
Expand Up @@ -590,7 +590,6 @@ CredentialBasicAuthSpec defines specification of a Kong Route.
| Field | Description |
| --- | --- |
| `consumerRef` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#localobjectreference-v1-core)_ | ConsumerRef is a reference to a Consumer this CredentialBasicAuth is associated with. |
| `secretRef` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#localobjectreference-v1-core)_ | SecretRef is a reference to a Secret this CredentialBasicAuth is associated with. |
| `password` _string_ | Password is the password for the BasicAuth credential. |
| `tags` _string array_ | Tags is a list of tags for the BasicAuth credential. |
| `username` _string_ | Username is the username for the BasicAuth credential. |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ import (
"github.com/kong/kubernetes-configuration/test/crdsvalidation/credentialbasicauth/testcases"
)

func CredentialBasicAuth(t *testing.T) {
func TestCredentialBasicAuth(t *testing.T) {
ctx := context.Background()
cfg, err := config.GetConfig()
require.NoError(t, err, "error loading Kubernetes config")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ var TestCases = []testCasesGroup{}

func init() {
TestCases = append(TestCases,
requiredFields,
updatesNotAllowedForStatus,
)
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,12 +22,9 @@ var updatesNotAllowedForStatus = testCasesGroup{
ConsumerRef: corev1.LocalObjectReference{
Name: "test-kong-consumer",
},
SecretRef: corev1.LocalObjectReference{
Name: "test-secret",
},
CredentialBasicAuthAPISpec: configurationv1alpha1.CredentialBasicAuthAPISpec{
Password: lo.ToPtr("password"),
Username: lo.ToPtr("username"),
Password: "password",
Username: "username",
},
},
},
Expand All @@ -45,7 +42,7 @@ var updatesNotAllowedForStatus = testCasesGroup{
Update: func(c *configurationv1alpha1.CredentialBasicAuth) {
c.Spec.ConsumerRef.Name = "new-consumer"
},
ExpectedUpdateErrorMessage: lo.ToPtr("spec.consumerREf is immutable when an entity is already Programmed"),
ExpectedUpdateErrorMessage: lo.ToPtr("spec.consumerRef is immutable when an entity is already Programmed"),
},
{
Name: "consumerRef change is allowed when consumer is not Programmed=True nor APIAuthValid=True",
Expand All @@ -55,12 +52,9 @@ var updatesNotAllowedForStatus = testCasesGroup{
ConsumerRef: corev1.LocalObjectReference{
Name: "test-kong-consumer",
},
SecretRef: corev1.LocalObjectReference{
Name: "test-secret",
},
CredentialBasicAuthAPISpec: configurationv1alpha1.CredentialBasicAuthAPISpec{
Password: lo.ToPtr("password"),
Username: lo.ToPtr("username"),
Password: "password",
Username: "username",
},
},
},
Expand All @@ -79,37 +73,5 @@ var updatesNotAllowedForStatus = testCasesGroup{
c.Spec.ConsumerRef.Name = "new-consumer"
},
},
{
Name: "secretRef change is allowed when consumer is Programmed=True",
CredentialBasicAuth: configurationv1alpha1.CredentialBasicAuth{
ObjectMeta: commonObjectMeta,
Spec: configurationv1alpha1.CredentialBasicAuthSpec{
ConsumerRef: corev1.LocalObjectReference{
Name: "test-kong-consumer",
},
SecretRef: corev1.LocalObjectReference{
Name: "test-secret",
},
CredentialBasicAuthAPISpec: configurationv1alpha1.CredentialBasicAuthAPISpec{
Password: lo.ToPtr("password"),
Username: lo.ToPtr("username"),
},
},
},
CredentialBasicAuthStatus: &configurationv1alpha1.CredentialBasicAuthStatus{
Konnect: &konnectv1alpha1.KonnectEntityStatusWithControlPlaneRef{},
Conditions: []metav1.Condition{
{
Type: "Programmed",
Status: metav1.ConditionTrue,
Reason: "Valid",
LastTransitionTime: metav1.Now(),
},
},
},
Update: func(c *configurationv1alpha1.CredentialBasicAuth) {
c.Spec.SecretRef.Name = "new-secret"
},
},
},
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
package testcases

import (
"github.com/samber/lo"
corev1 "k8s.io/api/core/v1"

configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1"
)

var requiredFields = testCasesGroup{
Name: "required fields validation",
TestCases: []testCase{
{
Name: "password is required",
CredentialBasicAuth: configurationv1alpha1.CredentialBasicAuth{
ObjectMeta: commonObjectMeta,
Spec: configurationv1alpha1.CredentialBasicAuthSpec{
ConsumerRef: corev1.LocalObjectReference{
Name: "test-kong-consumer",
},
CredentialBasicAuthAPISpec: configurationv1alpha1.CredentialBasicAuthAPISpec{
Username: "username",
},
},
},
ExpectedUpdateErrorMessage: lo.ToPtr("spec.consumerREf is immutable when an entity is already Programmed"),
},
{
Name: "username is required",
CredentialBasicAuth: configurationv1alpha1.CredentialBasicAuth{
ObjectMeta: commonObjectMeta,
Spec: configurationv1alpha1.CredentialBasicAuthSpec{
ConsumerRef: corev1.LocalObjectReference{
Name: "test-kong-consumer",
},
CredentialBasicAuthAPISpec: configurationv1alpha1.CredentialBasicAuthAPISpec{
Password: "password",
},
},
},
ExpectedUpdateErrorMessage: lo.ToPtr("spec.consumerREf is immutable when an entity is already Programmed"),
},
{
Name: "password and username are required",
CredentialBasicAuth: configurationv1alpha1.CredentialBasicAuth{
ObjectMeta: commonObjectMeta,
Spec: configurationv1alpha1.CredentialBasicAuthSpec{
ConsumerRef: corev1.LocalObjectReference{
Name: "test-kong-consumer",
},
CredentialBasicAuthAPISpec: configurationv1alpha1.CredentialBasicAuthAPISpec{
Username: "username",
Password: "password",
},
},
},
},
},
}

0 comments on commit 0bf6bf1

Please sign in to comment.