diff --git a/apis/kubernetes/v1alpha1/zz_authbackendconfig_types.go b/apis/kubernetes/v1alpha1/zz_authbackendconfig_types.go index c8343793..31f18800 100755 --- a/apis/kubernetes/v1alpha1/zz_authbackendconfig_types.go +++ b/apis/kubernetes/v1alpha1/zz_authbackendconfig_types.go @@ -29,9 +29,6 @@ type AuthBackendConfigObservation struct { // Optional JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer. Issuer *string `json:"issuer,omitempty" tf:"issuer,omitempty"` - // PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API. - KubernetesCACert *string `json:"kubernetesCaCert,omitempty" tf:"kubernetes_ca_cert,omitempty"` - // Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server. KubernetesHost *string `json:"kubernetesHost,omitempty" tf:"kubernetes_host,omitempty"` @@ -62,7 +59,7 @@ type AuthBackendConfigParameters struct { // PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API. // +kubebuilder:validation:Optional - KubernetesCACert *string `json:"kubernetesCaCert,omitempty" tf:"kubernetes_ca_cert,omitempty"` + KubernetesCACertSecretRef *v1.SecretKeySelector `json:"kubernetesCaCertSecretRef,omitempty" tf:"-"` // Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server. // +kubebuilder:validation:Optional diff --git a/apis/kubernetes/v1alpha1/zz_generated.deepcopy.go b/apis/kubernetes/v1alpha1/zz_generated.deepcopy.go index edb74e97..cab302d7 100644 --- a/apis/kubernetes/v1alpha1/zz_generated.deepcopy.go +++ b/apis/kubernetes/v1alpha1/zz_generated.deepcopy.go 
@@ -101,11 +101,6 @@ func (in *AuthBackendConfigObservation) DeepCopyInto(out *AuthBackendConfigObser *out = new(string) **out = **in } - if in.KubernetesCACert != nil { - in, out := &in.KubernetesCACert, &out.KubernetesCACert - *out = new(string) - **out = **in - } if in.KubernetesHost != nil { in, out := &in.KubernetesHost, &out.KubernetesHost *out = new(string) @@ -162,9 +157,9 @@ func (in *AuthBackendConfigParameters) DeepCopyInto(out *AuthBackendConfigParame *out = new(string) **out = **in } - if in.KubernetesCACert != nil { - in, out := &in.KubernetesCACert, &out.KubernetesCACert - *out = new(string) + if in.KubernetesCACertSecretRef != nil { + in, out := &in.KubernetesCACertSecretRef, &out.KubernetesCACertSecretRef + *out = new(v1.SecretKeySelector) **out = **in } if in.KubernetesHost != nil { diff --git a/apis/kubernetes/v1alpha1/zz_generated_terraformed.go b/apis/kubernetes/v1alpha1/zz_generated_terraformed.go index 6d6037e1..f9ef7c8f 100755 --- a/apis/kubernetes/v1alpha1/zz_generated_terraformed.go +++ b/apis/kubernetes/v1alpha1/zz_generated_terraformed.go @@ -20,7 +20,7 @@ func (mg *AuthBackendConfig) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this AuthBackendConfig func (tr *AuthBackendConfig) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"token_reviewer_jwt": "spec.forProvider.tokenReviewerJwtSecretRef"} + return map[string]string{"kubernetes_ca_cert": "spec.forProvider.kubernetesCaCertSecretRef", "token_reviewer_jwt": "spec.forProvider.tokenReviewerJwtSecretRef"} } // GetObservation of this AuthBackendConfig diff --git a/config/kubernetesauthbackendconfig/config.go b/config/kubernetesauthbackendconfig/config.go new file mode 100644 index 00000000..c206ece2 --- /dev/null +++ b/config/kubernetesauthbackendconfig/config.go 
@@ -0,0 +1,10 @@
+package kubernetesauthbackendconfig
+
+import "github.com/upbound/upjet/pkg/config"
+
+// Configure configures individual resources by adding custom ResourceConfigurators.
+func Configure(p *config.Provider) {
+ p.AddResourceConfigurator("vault_kubernetes_auth_backend_config", func(r *config.Resource) {
+ r.TerraformResource.Schema["kubernetes_ca_cert"].Sensitive = true
+ })
+}
diff --git a/config/provider.go b/config/provider.go
index f4347a24..57b078e3 100644
--- a/config/provider.go
+++ b/config/provider.go
@@ -8,6 +8,7 @@ import (
 // Note(turkenh): we are importing this to embed provider schema document
 _ "embed"
+ "github.com/upbound/provider-vault/config/kubernetesauthbackendconfig"
 ujconfig "github.com/upbound/upjet/pkg/config"
 )
@@ -33,6 +34,7 @@ func GetProvider() *ujconfig.Provider {
 for _, configure := range []func(provider *ujconfig.Provider){
 // add custom config functions
+ kubernetesauthbackendconfig.Configure,
 } {
 configure(pc)
 }
diff --git a/package/crds/kubernetes.vault.upbound.io_authbackendconfigs.yaml b/package/crds/kubernetes.vault.upbound.io_authbackendconfigs.yaml
index dab421a3..f50d9a3b 100644
--- a/package/crds/kubernetes.vault.upbound.io_authbackendconfigs.yaml
+++ b/package/crds/kubernetes.vault.upbound.io_authbackendconfigs.yaml
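Review bot: In config/kubernetesauthbackendconfig/config.go the configurator closure writes through `r.TerraformResource.Schema["kubernetes_ca_cert"]` without checking that the key is present, so if the upstream Terraform schema renames or drops that attribute the lookup returns a nil pointer and the assignment panics with no hint of the cause. Silently skipping would be worse here, since the field would quietly stop being handled as a secret, so an explicit check is preferable: `s, ok := r.TerraformResource.Schema["kubernetes_ca_cert"]`, then `if !ok { panic("kubernetes_ca_cert not found in vault_kubernetes_auth_backend_config schema") }` before `s.Sensitive = true`. The doc comment on `Configure` is generic; something like `// Configure marks kubernetes_ca_cert as sensitive so it is supplied via a Secret reference instead of inline in the spec.` would record the intent. The generated types in this commit replace `kubernetesCaCert` with `kubernetesCaCertSecretRef` and drop it from the observation, so manifests that set the inline field will presumably need migrating, which is worth a release note.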
@@ -83,10 +83,24 @@ spec: description: Optional JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer. type: string - kubernetesCaCert: + kubernetesCaCertSecretRef: description: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API. - type: string + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object kubernetesHost: description: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server. @@ -333,10 +347,6 @@ spec: description: Optional JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer. type: string - kubernetesCaCert: - description: PEM encoded CA cert for use by the TLS client used - to talk with the Kubernetes API. - type: string kubernetesHost: description: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.