feat: add support for other credential entry types

Author: dion-gionet

Makefile

@@ -3,7 +3,7 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 0.2.1
+VERSION ?= 0.3.0
 
 # CHANNELS define the bundle channels used in the bundle.
 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")

chart/Chart.yaml

@@ -13,9 +13,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.1
+version: 0.3.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.2.1"
+appVersion: "0.3.0"

controllers/dvlssecret_controller.go

@@ -79,7 +79,7 @@ func (r *DvlsSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		return ctrl.Result{}, fmt.Errorf("failed to get DvlsSecret object, %w", err)
 	}
 
-	if dvlsSecret.Status.Conditions == nil || len(dvlsSecret.Status.Conditions) == 0 || dvlsSecret.Status.EntryModifiedDate.IsZero() {
+	if len(dvlsSecret.Status.Conditions) == 0 || dvlsSecret.Status.EntryModifiedDate.IsZero() {
 		meta.SetStatusCondition(&dvlsSecret.Status.Conditions, v1.Condition{Type: statusAvailableDvlsSecret, Status: v1.ConditionUnknown, Reason: "Reconciling"})
 		dvlsSecret.Status.EntryModifiedDate = v1.Date(0001, time.January, 1, 1, 1, 1, 1, time.UTC)
 		if err := r.Status().Update(ctx, dvlsSecret); err != nil {
@@ -102,15 +102,6 @@ func (r *DvlsSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		return ctrl.Result{}, nil
 	}
 
-	if entry.Type != string(dvls.ServerConnectionCredential) || entry.SubType != string(dvls.ServerConnectionSubTypeDefault) {
-		log.Error(err, "entry type not supported, only username/password entries are supported", "entryId", dvlsSecret.Spec.EntryID, "entryType", entry.Type, "entrySubType", entry.SubType)
-		meta.SetStatusCondition(&dvlsSecret.Status.Conditions, v1.Condition{Type: statusDegradedDvlsSecret, Status: v1.ConditionTrue, Reason: "Reconciling", Message: "Entry type not supported, only username/password entries are supported"})
-		if err := r.Status().Update(ctx, dvlsSecret); err != nil {
-			log.Error(err, "Failed to update DvlsSecret status")
-		}
-		return ctrl.Result{}, nil
-	}
-
 	kSecret := &corev1.Secret{}
 	err = r.Get(ctx, req.NamespacedName, kSecret)
 	if err != nil && !apierrors.IsNotFound(err) {
@@ -130,19 +121,9 @@ func (r *DvlsSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		}, nil
 	}
 
-	defaultData, ok := entry.GetCredentialDefaultData()
-	if !ok {
-		return ctrl.Result{}, fmt.Errorf(
-			"failed to extract credential data for entry ID %s: unsupported or unexpected entry type (type: %s, subtype: %s)",
-			dvlsSecret.Spec.EntryID, entry.Type, entry.SubType)
-	}
-
-	secretMap := make(map[string]string)
-	secretMap["entry-id"] = entry.Id
-	secretMap["entry-name"] = entry.Name
-	secretMap["username"] = defaultData.Username
-	if defaultData.Password != "" {
-		secretMap["password"] = defaultData.Password
+	secretMap, err := setSecretMap(entry)
+	if err != nil {
+		return ctrl.Result{}, fmt.Errorf("failed to set secret map, %w", err)
 	}
 
 	if kSecretNotFound {
@@ -210,3 +191,87 @@ func (r *DvlsSecretReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		Owns(&corev1.Secret{}).
 		Complete(r)
 }
+
+func setSecretMap(entry dvls.Entry) (map[string]string, error) {
+	secretMap := make(map[string]string)
+	secretMap["entry-id"] = entry.Id
+	secretMap["entry-name"] = entry.Name
+
+	switch entry.SubType {
+	case dvls.EntryCredentialSubTypeDefault:
+		if data, ok := entry.GetCredentialDefaultData(); ok {
+			if data.Username != "" {
+				secretMap["username"] = data.Username
+			}
+			if data.Password != "" {
+				secretMap["password"] = data.Password
+			}
+			if data.Domain != "" {
+				secretMap["domain"] = data.Domain
+			}
+		}
+
+	case dvls.EntryCredentialSubTypeAccessCode:
+		if data, ok := entry.GetCredentialAccessCodeData(); ok {
+			if data.Password != "" {
+				secretMap["password"] = data.Password
+			}
+		}
+
+	case dvls.EntryCredentialSubTypeApiKey:
+		if data, ok := entry.GetCredentialApiKeyData(); ok {
+			if data.ApiId != "" {
+				secretMap["api-id"] = data.ApiId
+			}
+			if data.ApiKey != "" {
+				secretMap["api-key"] = data.ApiKey
+			}
+			if data.TenantId != "" {
+				secretMap["tenant-id"] = data.TenantId
+			}
+		}
+
+	case dvls.EntryCredentialSubTypeAzureServicePrincipal:
+		if data, ok := entry.GetCredentialAzureServicePrincipalData(); ok {
+			if data.ClientId != "" {
+				secretMap["client-id"] = data.ClientId
+			}
+			if data.ClientSecret != "" {
+				secretMap["client-secret"] = data.ClientSecret
+			}
+			if data.TenantId != "" {
+				secretMap["tenant-id"] = data.TenantId
+			}
+		}
+
+	case dvls.EntryCredentialSubTypeConnectionString:
+		if data, ok := entry.GetCredentialConnectionStringData(); ok {
+			if data.ConnectionString != "" {
+				secretMap["connection-string"] = data.ConnectionString
+			}
+		}
+
+	case dvls.EntryCredentialSubTypePrivateKey:
+		if data, ok := entry.GetCredentialPrivateKeyData(); ok {
+			if data.Username != "" {
+				secretMap["username"] = data.Username
+			}
+			if data.Password != "" {
+				secretMap["password"] = data.Password
+			}
+			if data.PrivateKey != "" {
+				secretMap["private-key"] = data.PrivateKey
+			}
+			if data.PublicKey != "" {
+				secretMap["public-key"] = data.PublicKey
+			}
+			if data.Passphrase != "" {
+				secretMap["passphrase"] = data.Passphrase
+			}
+		}
+	default:
+		return nil, fmt.Errorf("unsupported credential subtype: %s", entry.SubType)
+	}
+
+	return secretMap, nil
+}