hotfix: enable external secret stores panic (#19)

* hotfix: enable external secret stores panic

Signed-off-by: Ismail KABOUBI <[email protected]>

* goimported

Signed-off-by: Ismail KABOUBI <[email protected]>

* fix up_version in makefile

Signed-off-by: Ismail KABOUBI <[email protected]>

* update gitsubmodule

Signed-off-by: Ismail KABOUBI <[email protected]>

* fix crossplane version for local-deploy

Signed-off-by: Ismail KABOUBI <[email protected]>

---------

Signed-off-by: Ismail KABOUBI <[email protected]>

.gitmodules

@@ -1,3 +1,3 @@
 [submodule "build"]
 	path = build
-	url = https://github.com/upbound/build
+	url = https://github.com/crossplane/build

Makefile

@@ -50,10 +50,11 @@ GO_SUBDIRS += cmd internal apis
 # ====================================================================================
 # Setup Kubernetes tools
 
-KIND_VERSION = v0.15.0
-UP_VERSION = v0.18.0
+KIND_VERSION = v0.24.0
+UP_VERSION = v0.33.0
 UP_CHANNEL = stable
-UPTEST_VERSION = v0.5.0
+UPTEST_VERSION = v1.1.2
+CROSSPLANE_VERSION = v1.17.1
 -include build/makelib/k8s_tools.mk
 
 # ====================================================================================

cmd/provider/main.go

@@ -10,6 +10,8 @@ import (
 	"path/filepath"
 	"time"
 
+	"github.com/crossplane/crossplane-runtime/pkg/certificates"
+
 	xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
 	xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller"
 	"github.com/crossplane/crossplane-runtime/pkg/feature"
@@ -43,10 +45,10 @@ func main() {
 		leaderElection   = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool()
 		maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at which resources may be checked for drift from the desired state.").Default("10").Int()
 
-		terraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String()
-		providerSource   = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String()
-		providerVersion  = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String()
-
+		terraformVersion           = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String()
+		providerSource             = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String()
+		providerVersion            = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String()
+		essTLSCertsPath            = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String()
 		namespace                  = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String()
 		enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool()
 		enableManagementPolicies   = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool()
@@ -99,6 +101,15 @@ func main() {
 		o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind
 		log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores)
 
+		o.ESSOptions = &tjcontroller.ESSOptions{}
+		if *essTLSCertsPath != "" {
+			log.Info("ESS TLS certificates path is set. Loading mTLS configuration.")
+			tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false)
+			kingpin.FatalIfError(err, "Cannot load ESS TLS config.")
+
+			o.ESSOptions.TLSConfig = tCfg
+		}
+
 		// Ensure default store config exists.
 		kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{
 			ObjectMeta: metav1.ObjectMeta{

examples/databases/privatenetwork.yaml

@@ -0,0 +1,16 @@
+apiVersion: network.ovh.edixos.io/v1alpha1
+kind: PrivateNetwork
+metadata:
+  name: sample-1
+  labels:
+    managed-by: crossplane
+spec:
+  providerConfigRef:
+    name: default
+  forProvider:
+    name: sample-1
+    serviceName: 21658141411b4c9bb0bf863be8e8c369
+    regions:
+      - GRA11
+
+

examples/databases/redis.yaml

@@ -0,0 +1,34 @@
+apiVersion: databases.ovh.edixos.io/v1alpha1
+kind: ProjectDatabase
+metadata:
+  name: demo-0
+  namespace: default
+spec:
+  providerConfigRef:
+    name: default
+  forProvider:
+    serviceName: 21658141411b4c9bb0bf863be8e8c369
+    engine: redis
+    version: "7.0"
+    plan: "essential"
+    flavor: db1-4
+    nodes:
+      - networkId: 0c2bf126-396d-4de2-bc1e-b9bfbd54bdfb
+        subnetId: c63562ac-d061-4c8f-b65f-2e72e4db8a25
+        region: GRA
+  writeConnectionSecretToRef:
+    name: redis-demo-0
+    namespace: default
+#  publishConnectionDetailsTo:
+#    configRef:
+#      # name: staging-01
+#      name: staging-01
+#    name: redis-demo-0
+#---
+#apiVersion: ovh.edixos.io/v1alpha1
+#kind: StoreConfig
+#metadata:
+#  name: staging-01
+#spec:
+#  defaultScope: crossplane-system
+#  type: Kubernetes

examples/databases/subnet.yaml

@@ -0,0 +1,19 @@
+apiVersion: network.ovh.edixos.io/v1alpha1
+kind: Subnet
+metadata:
+  name: subnet-1
+  labels:
+    managed-by: crossplane
+spec:
+  providerConfigRef:
+    name: default
+  forProvider:
+    serviceName: 21658141411b4c9bb0bf863be8e8c369
+    networkIdRef:
+      name: sample-1
+    region: GRA11
+    start: 192.168.168.100
+    end: 192.168.168.200
+    network: 192.168.168.0/24
+    dhcp: true
+    noGateway: false

examples/databases/user-with-store-config.yaml

@@ -0,0 +1,35 @@
+apiVersion: databases.ovh.edixos.io/v1alpha1
+kind: ProjectDatabaseRedisUser
+metadata:
+  name: user-1
+  labels:
+    managed-by: crossplane
+spec:
+  forProvider:
+    serviceName: 21658141411b4c9bb0bf863be8e8c369
+    clusterId: e6d531ef-acb5-4a73-b0b6-9205a729f8f5
+    channels:
+      - "*"
+    commands:
+      - +get
+      - -set
+    keys:
+      - data
+      - properties
+    name: user-1
+  publishConnectionDetailsTo:
+    name: user-1
+    metadata:
+      labels:
+        managed-by: crossplane
+    configRef:
+      name: staging-01
+---
+apiVersion: ovh.edixos.io/v1alpha1
+kind: StoreConfig
+metadata:
+  name: staging-01
+spec:
+  defaultScope: default
+  type: Kubernetes
+

examples/databases/user.yaml

@@ -0,0 +1,22 @@
+apiVersion: databases.ovh.edixos.io/v1alpha1
+kind: ProjectDatabaseRedisUser
+metadata:
+  name: user-1
+  labels:
+      managed-by: crossplane
+spec:
+  forProvider:
+    serviceName: 21658141411b4c9bb0bf863be8e8c369
+    clusterId: e6d531ef-acb5-4a73-b0b6-9205a729f8f5
+    channels:
+      - "*"
+    commands:
+      - +get
+      - -set
+    keys:
+      - data
+      - properties
+    name: user-1
+  writeConnectionSecretToRef:
+    name: user-1
+    namespace: default

examples/install.yaml

@@ -3,7 +3,7 @@ kind: Provider
 metadata:
   name: provider-ovh
 spec:
-  package: xpkg.upbound.io/edixos/provider-ovh:v0.1.4
+  package: xpkg.upbound.io/edixos/provider-ovh:v0.40.0
   runtimeConfigRef:
     name: provider-ovh
 ---
@@ -20,4 +20,7 @@ spec:
           containers:
             - name: package-runtime
               args:
-                - --debug
+                - --debug
+                - --enable-management-policies
+                - --enable-external-secret-stores
+