Add secret export support to TopicAuthorizationRule (#5039)

* Initial plan

* Add secret export support to TopicAuthorizationRule

- Added $azureGeneratedSecrets config in azure-arm.yaml
- Ran code generator to create Secrets field in TopicAuthorizationRuleOperatorSpec
- Implemented KubernetesSecretExporter interface in topic_authorization_rule_extensions.go
- Added unit test for secret specification logic

Co-authored-by: matthchr <[email protected]>

* Fix kustomize format and complete implementation

- Fixed kustomize configuration format compatibility
- Verified controller builds successfully
- All custom tests passing

Co-authored-by: matthchr <[email protected]>

* Add secret export test for TopicAuthorizationRule

Updated ServiceBus_Topic_AuthorizationRule_v1api20240101_CRUD test to:
- Add OperatorSpec with Secrets configuration for all four secret types
- Patch the resource to trigger secret export
- Assert that secrets are correctly written with all expected keys

Co-authored-by: matthchr <[email protected]>

* Add comment to secret test

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: matthchr <[email protected]>
Co-authored-by: Matthew Christopher <[email protected]>

Author: Copilot

v2/api/apimanagement/customizations/subscription_extensions_test.go

@@ -32,6 +32,8 @@ func Test_SecretsSpecified_AllSecretsSpecifiedAllSecretsReturned(t *testing.T) {
 	}
 	secretNames := secretsSpecified(obj)
 	expectedTags := reflecthelpers.GetJSONTags(reflect.TypeOf(apimanagement.SubscriptionOperatorSecrets{}))
+	// We expect every property in the secrets struct to be considered a secret except for the $propertyBag one
+	// (that property exists because this is the storage version)
 	expectedTags.Remove("$propertyBag")
 
 	g.Expect(expectedTags).To(Equal(secretNames))

v2/api/appconfiguration/customizations/configuration_store_extensions_test.go

@@ -32,6 +32,8 @@ func Test_SecretsSpecified_AllSecretsSpecifiedAllSecretsReturned(t *testing.T) {
 	}
 	secretNames := secretsSpecified(obj)
 	expectedTags := reflecthelpers.GetJSONTags(reflect.TypeOf(appconfiguration.ConfigurationStoreOperatorSecrets{}))
+	// We expect every property in the secrets struct to be considered a secret except for the $propertyBag one
+	// (that property exists because this is the storage version)
 	expectedTags.Remove("$propertyBag")
 
 	g.Expect(expectedTags).To(Equal(secretNames))

v2/api/containerservice/customizations/managed_cluster_extensions_test.go

@@ -32,6 +32,8 @@ func Test_SecretsSpecified_AllSecretsSpecifiedAllSecretsReturned(t *testing.T) {
 	}
 	secretNames := secretsSpecified(obj)
 	expectedTags := reflecthelpers.GetJSONTags(reflect.TypeOf(containerservice.ManagedClusterOperatorSecrets{}))
+	// We expect every property in the secrets struct to be considered a secret except for the $propertyBag one
+	// (that property exists because this is the storage version)
 	expectedTags.Remove("$propertyBag")
 
 	g.Expect(expectedTags).To(Equal(secretNames))

v2/api/devices/customizations/iot_hub_extensions_test.go

@@ -32,6 +32,8 @@ func Test_SecretsSpecified_AllSecretsSpecifiedAllSecretsReturned(t *testing.T) {
 	}
 	secretNames := secretsSpecified(obj)
 	expectedTags := reflecthelpers.GetJSONTags(reflect.TypeOf(devices.IotHubOperatorSecrets{}))
+	// We expect every property in the secrets struct to be considered a secret except for the $propertyBag one
+	// (that property exists because this is the storage version)
 	expectedTags.Remove("$propertyBag")
 
 	g.Expect(expectedTags).To(Equal(secretNames))

v2/api/documentdb/customizations/database_account_extensions_test.go

@@ -32,6 +32,8 @@ func Test_SecretsSpecified_AllSecretsSpecifiedAllSecretsReturned(t *testing.T) {
 	}
 	secretNames, _ := secretsSpecified(acct)
 	expectedTags := reflecthelpers.GetJSONTags(reflect.TypeOf(documentdb.DatabaseAccountOperatorSecrets{}))
+	// We expect every property in the secrets struct to be considered a secret except for the $propertyBag one
+	// (that property exists because this is the storage version)
 	expectedTags.Remove("$propertyBag")
 	expectedTags.Remove("documentEndpoint")
 

v2/api/eventgrid/customizations/topic_extension_test.go

@@ -32,6 +32,8 @@ func Test_SecretsSpecified_AllSecretsSpecifiedAllSecretsReturned(t *testing.T) {
 	}
 	secretNames := secretsSpecified(obj)
 	expectedTags := reflecthelpers.GetJSONTags(reflect.TypeOf(eventgrid.TopicOperatorSecrets{}))
+	// We expect every property in the secrets struct to be considered a secret except for the $propertyBag one
+	// (that property exists because this is the storage version)
 	expectedTags.Remove("$propertyBag")
 
 	g.Expect(expectedTags).To(Equal(secretNames))

v2/api/eventhub/customizations/namespace_extension_test.go

@@ -34,6 +34,8 @@ func Test_NamespaceSecretsSpecified_AllSecretsSpecifiedAllSecretsReturned(t *tes
 	// If this doesn't compile, check that the version of eventhub imported is the hub version
 	secretNames := namespaceSecretsSpecified(obj)
 	expectedTags := reflecthelpers.GetJSONTags(reflect.TypeOf(eventhub.NamespaceOperatorSecrets{}))
+	// We expect every property in the secrets struct to be considered a secret except for the $propertyBag one
+	// (that property exists because this is the storage version)
 	expectedTags.Remove("$propertyBag")
 
 	g.Expect(expectedTags).To(Equal(secretNames))

v2/api/eventhub/customizations/namespaces_authorization_rule_extension_test.go

@@ -34,6 +34,8 @@ func Test_NamespaceAuthorizationRuleSecretsSpecified_AllSecretsSpecifiedAllSecre
 	// If this doesn't compile, check that the version of eventhub imported is the hub version
 	secretNames := namespacesAuthorizationRuleSecretsSpecified(obj)
 	expectedTags := reflecthelpers.GetJSONTags(reflect.TypeOf(eventhub.NamespacesAuthorizationRuleOperatorSecrets{}))
+	// We expect every property in the secrets struct to be considered a secret except for the $propertyBag one
+	// (that property exists because this is the storage version)
 	expectedTags.Remove("$propertyBag")
 
 	g.Expect(expectedTags).To(Equal(secretNames))

v2/api/eventhub/customizations/namespaces_eventhubs_authorization_rule_extension_test.go

@@ -34,6 +34,8 @@ func Test_NamespaceEventHubsAuthorizationRuleSecretsSpecified_AllSecretsSpecifie
 	// If this doesn't compile, check that the version of eventhub imported is the hub version
 	secretNames := namespacesEventHubAuthorizationRuleSecretsSpecified(obj)
 	expectedTags := reflecthelpers.GetJSONTags(reflect.TypeOf(eventhub.NamespacesEventhubsAuthorizationRuleOperatorSecrets{}))
+	// We expect every property in the secrets struct to be considered a secret except for the $propertyBag one
+	// (that property exists because this is the storage version)
 	expectedTags.Remove("$propertyBag")
 
 	g.Expect(expectedTags).To(Equal(secretNames))

v2/api/machinelearningservices/customizations/workspace_extension_test.go

@@ -32,6 +32,8 @@ func Test_SecretsSpecified_AllSecretsSpecifiedAllSecretsReturned(t *testing.T) {
 	}
 	secretNames := secretsSpecified(obj)
 	expectedTags := reflecthelpers.GetJSONTags(reflect.TypeOf(machinelearning.WorkspaceOperatorSecrets{}))
+	// We expect every property in the secrets struct to be considered a secret except for the $propertyBag one
+	// (that property exists because this is the storage version)
 	expectedTags.Remove("$propertyBag")
 
 	g.Expect(expectedTags).To(Equal(secretNames))