feat: allow setting additional markup on generated secret resource using template (#192)

iAnomaly · Flydiverny · commit 25e2f7426ee9 · 2019-11-05T21:10:20.000+01:00
The template will be deep merged without mutating any existing fields. For example: you cannot override metadata.name.

```yaml
apiVersion: 'kubernetes-client.io/v1'
kind: ExternalSecret
metadata:
  name: hello-service
secretDescriptor:
  template:
    metadata:
      annotations:
        cat: cheese
      labels:
        dog: farfel
  data:
    ...
```
diff --git a/README.md b/README.md
@@ -127,6 +127,14 @@ secretDescriptor:
   data:
     - key: hello-service/password
       name: password
+  # optional: specify a template with any additional markup you would like added to the downstream Secret resource.
+  # This template will be deep merged without mutating any existing fields. For example: you cannot override metadata.name.
+  template:
+    metadata:
+      annotations:
+        cat: cheese
+      labels:
+        dog: farfel
 ```
 or
 ```yml
@@ -198,6 +206,10 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: hello-service
+  annotations:
+    cat: cheese
+  labels:
+    dog: farfel
 type: Opaque
 data:
   password: MTIzNA==
diff --git a/lib/poller.js b/lib/poller.js
@@ -1,5 +1,8 @@
 'use strict'
 
+const clonedeep = require('lodash.clonedeep')
+const merge = require('lodash.merge')
+
 /**
  * Kubernetes secret descriptor.
  * @typedef {Object} SecretDescriptor
@@ -72,10 +75,10 @@ class Poller {
    */
   async _createSecretManifest () {
     const secretDescriptor = this._secretDescriptor
+    const template = secretDescriptor.template
     const data = await this._backends[secretDescriptor.backendType]
       .getSecretManifestData({ secretDescriptor })
-
-    return {
+    let secretManifest = {
       apiVersion: 'v1',
       kind: 'Secret',
       metadata: {
@@ -87,6 +90,12 @@ class Poller {
       type: secretDescriptor.type || 'Opaque',
       data
     }
+
+    if (template) {
+      secretManifest = merge(clonedeep(template), secretManifest)
+    }
+
+    return secretManifest
   }
 
   /**
diff --git a/lib/poller.test.js b/lib/poller.test.js
@@ -203,6 +203,79 @@ describe('Poller', () => {
         }
       })
     })
+
+    it('creates secret manifest - with template', async () => {
+      const poller = pollerFactory({
+        type: 'dummy-test-type',
+        backendType: 'fakeBackendType',
+        name: 'fakeSecretName',
+        properties: [
+          'fakePropertyName1',
+          'fakePropertyName2'
+        ],
+        template: {
+          metadata: {
+            annotations: {
+              cat: 'cheese'
+            },
+            labels: {
+              dog: 'farfel'
+            },
+            name: 'fakerSecretName'
+          }
+        }
+      })
+
+      backendMock.getSecretManifestData.resolves({
+        fakePropertyName1: 'ZmFrZVByb3BlcnR5VmFsdWUx', // base 64 value
+        fakePropertyName2: 'ZmFrZVByb3BlcnR5VmFsdWUy' // base 64 value
+      })
+
+      const secretManifest = await poller._createSecretManifest()
+
+      expect(backendMock.getSecretManifestData.calledWith({
+        secretDescriptor: {
+          type: 'dummy-test-type',
+          backendType: 'fakeBackendType',
+          name: 'fakeSecretName',
+          properties: [
+            'fakePropertyName1',
+            'fakePropertyName2'
+          ],
+          template: {
+            metadata: {
+              annotations: {
+                cat: 'cheese'
+              },
+              labels: {
+                dog: 'farfel'
+              },
+              name: 'fakerSecretName'
+            }
+          }
+        }
+      })).to.equal(true)
+
+      expect(secretManifest).deep.equals({
+        apiVersion: 'v1',
+        kind: 'Secret',
+        metadata: {
+          name: 'fakeSecretName',
+          ownerReferences: [getOwnerReference()],
+          annotations: {
+            cat: 'cheese'
+          },
+          labels: {
+            dog: 'farfel'
+          }
+        },
+        type: 'dummy-test-type',
+        data: {
+          fakePropertyName1: 'ZmFrZVByb3BlcnR5VmFsdWUx', // base 64 value
+          fakePropertyName2: 'ZmFrZVByb3BlcnR5VmFsdWUy' // base 64 value
+        }
+      })
+    })
   })
 
   describe('_poll', () => {
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -34,6 +34,7 @@
     "json-stream": "^1.0.0",
     "kubernetes-client": "^8.3.0",
     "lodash.clonedeep": "^4.5.0",
+    "lodash.merge": "^4.6.2",
     "make-promises-safe": "^5.0.0",
     "pino": "^5.12.0",
     "prom-client": "^11.5.3"
