Add support for parameter store authentication #7572
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -102,6 +102,9 @@ type TriggerAuthenticationSpec struct { | |
| // +optional | ||
| AwsSecretManager *AwsSecretManager `json:"awsSecretManager,omitempty"` | ||
|
|
||
| // +optional | ||
| AwsParameterStore *AwsParameterStore `json:"awsParameterStore,omitempty"` | ||
|
|
||
| // +optional | ||
| BoundServiceAccountToken []BoundServiceAccountToken `json:"boundServiceAccountToken,omitempty"` | ||
| } | ||
|
|
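Review bot: The new `AwsParameterStore` field on `TriggerAuthenticationSpec` carries only the `+optional` marker and sits next to `AwsSecretManager`, which is also optional, so nothing here says whether the two sources may be set together or which one takes precedence. A short doc comment on the field covering that would also end up in the generated CRD description.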
@@ -398,6 +401,40 @@ type AwsSecretManagerSecret struct { | |
| SecretKey string `json:"secretKey,omitempty"` | ||
| } | ||
|
|
||
| // AwsParameterStore is used to authenticate using AWS Systems Manager Parameter Store | ||
| type AwsParameterStore struct { | ||
| // +kubebuilder:validation:MinItems=1 | ||
| Parameters []AwsParameterStoreParameter `json:"parameters"` | ||
| // +optional | ||
| Credentials *AwsParameterStoreCredentials `json:"credentials"` | ||
| // +optional | ||
| PodIdentity *AuthPodIdentity `json:"podIdentity"` | ||
|
Member
Should `omitempty` appear here too?
Author
I believe `omitempty` isn't needed for pointers, same pattern is used for here |
||
| // +optional | ||
| Region string `json:"region,omitempty"` | ||
| } | ||
|
|
||
| type AwsParameterStoreCredentials struct { | ||
| AccessKey *AwsParameterStoreValue `json:"accessKey"` | ||
| AccessSecretKey *AwsParameterStoreValue `json:"accessSecretKey"` | ||
| // +optional | ||
| AccessToken *AwsParameterStoreValue `json:"accessToken,omitempty"` | ||
| } | ||
|
|
||
| type AwsParameterStoreValue struct { | ||
| ValueFrom ValueFromSecret `json:"valueFrom"` | ||
| } | ||
|
|
||
| // WithDecryption defaults to true if not specified. | ||
| // For SecureString parameters, this must be true to retrieve the plaintext value. | ||
| // Set to false for SecureString parameters to retrieve the encrypted value. | ||
| // For String parameters, this setting has no effect. | ||
| type AwsParameterStoreParameter struct { | ||
| Parameter string `json:"parameter"` | ||
| Name string `json:"name"` | ||
| // +optional | ||
| WithDecryption *bool `json:"withDecryption,omitempty"` | ||
|
Member
Can you add here a comment to clarify what omitting WithDecryption (leaving it nil) means? Users likely need to set this to true to get the plaintext, right?
Author
that's updated |
||
| } | ||
|
|
||
| type BoundServiceAccountToken struct { | ||
| Parameter string `json:"parameter"` | ||
| ServiceAccountName string `json:"serviceAccountName"` | ||
|
|
||
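Review bot: The comment block describing `WithDecryption` sits above `type AwsParameterStoreParameter struct`, so it documents the type rather than the field; move it directly above `WithDecryption *bool` and give the type its own one-line comment. The stated default of true exists only in that comment, with no default marker on the field visible here, so whatever code reads a nil `WithDecryption` has to apply it. In `AwsParameterStore`, `Credentials` and `PodIdentity` are both `+optional` with no validation relating them, so it is worth stating or enforcing what is accepted when both or neither are set.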
Should `omitempty` appear here too?

I believe `omitempty` isn't needed for pointers, same pattern is used for here

Could you include the line number in the reference, so I can check exactly which one you mean?

whoops sorry I thought I had, here it is https://github.com/stegojulia/keda/blob/3a66e4f91dbd340a4e06b262f5cd6396c325373b/apis/keda/v1alpha1/triggerauthentication_types.go#L409

Ah, check. I only know that part from the API convention for using that:
https://github.com/kubernetes/community/blob/main/contributors/devel/sig-architecture/api-conventions.md?plain=1#L841
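
The tag question in this thread, shown with Go's `encoding/json` as an added example (not code from the PR or from KEDA). The types are constructed stand-ins that copy only the JSON tags from the diff; it shows what a nil pointer field serializes to with and without `omitempty`, and that decoding treats both forms the same.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed stand-ins for the types in the diff; only the JSON tags matter.
type podIdentity struct {
	Provider string `json:"provider"`
}

// plainTags mirrors the diff: optional pointer fields tagged without omitempty.
type plainTags struct {
	Credentials *podIdentity `json:"credentials"`
	PodIdentity *podIdentity `json:"podIdentity"`
	Region      string       `json:"region,omitempty"`
}

// omitTags is the same struct with omitempty on the pointer fields.
type omitTags struct {
	Credentials *podIdentity `json:"credentials,omitempty"`
	PodIdentity *podIdentity `json:"podIdentity,omitempty"`
	Region      string       `json:"region,omitempty"`
}

// encode marshals v and returns the JSON text, or the error text on failure.
func encode(v interface{}) string {
	b, err := json.Marshal(v)
	if err != nil {
		return "error: " + err.Error()
	}
	return string(b)
}

// decodesToNil reports whether doc leaves PodIdentity nil in both variants.
func decodesToNil(doc string) bool {
	var p plainTags
	var o omitTags
	errP := json.Unmarshal([]byte(doc), &p)
	errO := json.Unmarshal([]byte(doc), &o)
	return errP == nil && errO == nil && p.PodIdentity == nil && o.PodIdentity == nil
}

func main() {
	fmt.Println(encode(plainTags{})) // nil pointers are written as null
	fmt.Println(encode(omitTags{}))  // nil pointers are left out
	fmt.Println(decodesToNil(`{}`), decodesToNil(`{"podIdentity":null}`))
}
```

The difference is on the write path only: an object serialized from the struct without `omitempty` carries explicit `null` entries for the unset fields.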