
Commit f606652

update cloudprovider secret fields in validation (#75)
* use project-id and serviceaccount.json from cloudprovider secret * fix some tests * add more tests * fix more tests
1 parent cad7a92 commit f606652

14 files changed

+73
-67
lines changed

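--- a/pkg/provider/apis/validation/validation.go
+++ b/pkg/provider/apis/validation/validation.go
@@ -53,22 +53,22 @@ func ValidateProviderSpecNSecret(spec *api.ProviderSpec, secrets *corev1.Secret)
 return errors // Return early if secret is nil
 }
 
-projectID, ok := secrets.Data["projectId"]
+projectID, ok := secrets.Data["project-id"]
 if !ok {
-errors = append(errors, fmt.Errorf("secret field 'projectId' is required"))
+errors = append(errors, fmt.Errorf("secret field 'project-id' is required"))
 } else if len(projectID) == 0 {
-errors = append(errors, fmt.Errorf("secret field 'projectId' cannot be empty"))
+errors = append(errors, fmt.Errorf("secret field 'project-id' cannot be empty"))
 } else if !isValidUUID(string(projectID)) {
-errors = append(errors, fmt.Errorf("secret field 'projectId' must be a valid UUID"))
+errors = append(errors, fmt.Errorf("secret field 'project-id' must be a valid UUID"))
 }
 
 // Validate serviceAccountKey (required for authentication)
 // ServiceAccount Key Flow: JSON string containing service account credentials and private key
-serviceAccountKey, ok := secrets.Data["serviceAccountKey"]
+serviceAccountKey, ok := secrets.Data["serviceaccount.json"]
 if !ok {
-errors = append(errors, fmt.Errorf("secret field 'serviceAccountKey' is required"))
+errors = append(errors, fmt.Errorf("secret field 'serviceaccount.json' is required"))
 } else if len(serviceAccountKey) == 0 {
-errors = append(errors, fmt.Errorf("secret field 'serviceAccountKey' cannot be empty"))
+errors = append(errors, fmt.Errorf("secret field 'serviceaccount.json' cannot be empty"))
 } else if !isValidJSON(string(serviceAccountKey)) {
 errors = append(errors, fmt.Errorf("secret field 'serviceAccountKey' must be valid JSON (service account credentials)"))
 }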
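Review bot: The invalid-JSON branch at the end of this hunk still reports `secret field 'serviceAccountKey' must be valid JSON ...`, although the value is now read from `serviceaccount.json`, so an operator who hits this error is pointed at a key the validator no longer looks up. Change that line to `errors = append(errors, fmt.Errorf("secret field 'serviceaccount.json' must be valid JSON (service account credentials)"))` and update the `// Validate serviceAccountKey` comment above it to name the new key. As visible here, secrets that still carry only `projectId` / `serviceAccountKey` are now rejected as missing with no fallback to the old keys; if such secrets are deployed, that deserves an upgrade note. The function starts before and continues after this hunk.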

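--- a/pkg/provider/apis/validation/validation_core_labels_test.go
+++ b/pkg/provider/apis/validation/validation_core_labels_test.go
@@ -26,9 +26,9 @@ var _ = Describe("ValidateProviderSpecNSecret", func() {
 }
 secret = &corev1.Secret{
 Data: map[string][]byte{
-"projectId": []byte("11111111-2222-3333-4444-555555555555"),
-"serviceAccountKey": []byte(`{"credentials":{"iss":"test"}}`),
-"region": []byte("eu01-1"),
+"project-id": []byte("11111111-2222-3333-4444-555555555555"),
+"serviceaccount.json": []byte(`{"credentials":{"iss":"test"}}`),
+"region": []byte("eu01-1"),
 },
 }
 })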

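--- a/pkg/provider/apis/validation/validation_fields_test.go
+++ b/pkg/provider/apis/validation/validation_fields_test.go
@@ -26,9 +26,9 @@ var _ = Describe("ValidateProviderSpecNSecret", func() {
 }
 secret = &corev1.Secret{
 Data: map[string][]byte{
-"projectId": []byte("11111111-2222-3333-4444-555555555555"),
-"serviceAccountKey": []byte(`{"credentials":{"iss":"test"}}`),
-"region": []byte("eu01-1"),
+"project-id": []byte("11111111-2222-3333-4444-555555555555"),
+"serviceaccount.json": []byte(`{"credentials":{"iss":"test"}}`),
+"region": []byte("eu01-1"),
 },
 }
 })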

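--- a/pkg/provider/apis/validation/validation_networking_test.go
+++ b/pkg/provider/apis/validation/validation_networking_test.go
@@ -26,9 +26,9 @@ var _ = Describe("ValidateProviderSpecNSecret", func() {
 }
 secret = &corev1.Secret{
 Data: map[string][]byte{
-"projectId": []byte("11111111-2222-3333-4444-555555555555"),
-"serviceAccountKey": []byte(`{"credentials":{"iss":"test"}}`),
-"region": []byte("eu01-1"),
+"project-id": []byte("11111111-2222-3333-4444-555555555555"),
+"serviceaccount.json": []byte(`{"credentials":{"iss":"test"}}`),
+"region": []byte("eu01-1"),
 },
 }
 })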

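--- a/pkg/provider/apis/validation/validation_secgroup_test.go
+++ b/pkg/provider/apis/validation/validation_secgroup_test.go
@@ -26,9 +26,9 @@ var _ = Describe("ValidateProviderSpecNSecret", func() {
 }
 secret = &corev1.Secret{
 Data: map[string][]byte{
-"projectId": []byte("11111111-2222-3333-4444-555555555555"),
-"serviceAccountKey": []byte(`{"credentials":{"iss":"test"}}`),
-"region": []byte("eu01-1"),
+"project-id": []byte("11111111-2222-3333-4444-555555555555"),
+"serviceaccount.json": []byte(`{"credentials":{"iss":"test"}}`),
+"region": []byte("eu01-1"),
 },
 }
 })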

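--- a/pkg/provider/apis/validation/validation_secret_test.go
+++ b/pkg/provider/apis/validation/validation_secret_test.go
@@ -26,9 +26,9 @@ var _ = Describe("ValidateProviderSpecNSecret", func() {
 }
 secret = &corev1.Secret{
 Data: map[string][]byte{
-"projectId": []byte("11111111-2222-3333-4444-555555555555"),
-"serviceAccountKey": []byte(`{"credentials":{"iss":"test"}}`),
-"region": []byte("eu01-1"),
+"project-id": []byte("11111111-2222-3333-4444-555555555555"),
+"serviceaccount.json": []byte(`{"credentials":{"iss":"test"}}`),
+"region": []byte("eu01-1"),
 },
 }
 })
@@ -44,46 +44,46 @@ var _ = Describe("ValidateProviderSpecNSecret", func() {
 secret.Data = map[string][]byte{}
 errors := ValidateProviderSpecNSecret(providerSpec, secret)
 Expect(errors).NotTo(BeEmpty())
-Expect(errors[0].Error()).To(ContainSubstring("projectId"))
+Expect(errors[0].Error()).To(ContainSubstring("project-id"))
 })
 
 It("should fail when projectId is empty in secret", func() {
-secret.Data["projectId"] = []byte("")
+secret.Data["project-id"] = []byte("")
 errors := ValidateProviderSpecNSecret(providerSpec, secret)
 Expect(errors).NotTo(BeEmpty())
-Expect(errors[0].Error()).To(ContainSubstring("projectId"))
+Expect(errors[0].Error()).To(ContainSubstring("project-id"))
 })
 
 It("should fail when projectId is not a valid UUID", func() {
-secret.Data["projectId"] = []byte("invalid-uuid")
+secret.Data["project-id"] = []byte("invalid-uuid")
 errors := ValidateProviderSpecNSecret(providerSpec, secret)
 Expect(errors).NotTo(BeEmpty())
-Expect(errors[0].Error()).To(ContainSubstring("projectId' must be a valid UUID"))
+Expect(errors[0].Error()).To(ContainSubstring("project-id' must be a valid UUID"))
 })
 
-It("should fail when serviceAccountKey is missing from secret", func() {
-delete(secret.Data, "serviceAccountKey")
+It("should fail when serviceaccount.json is missing from secret", func() {
+delete(secret.Data, "serviceaccount.json")
 errors := ValidateProviderSpecNSecret(providerSpec, secret)
 Expect(errors).NotTo(BeEmpty())
-Expect(errors[0].Error()).To(ContainSubstring("serviceAccountKey"))
+Expect(errors[0].Error()).To(ContainSubstring("serviceaccount.json"))
 })
 
-It("should fail when serviceAccountKey is empty in secret", func() {
-secret.Data["serviceAccountKey"] = []byte("")
+It("should fail when serviceaccount.json is empty in secret", func() {
+secret.Data["serviceaccount.json"] = []byte("")
 errors := ValidateProviderSpecNSecret(providerSpec, secret)
 Expect(errors).NotTo(BeEmpty())
-Expect(errors[0].Error()).To(ContainSubstring("serviceAccountKey"))
+Expect(errors[0].Error()).To(ContainSubstring("serviceaccount.json"))
 })
 
-It("should fail when serviceAccountKey is not valid JSON", func() {
-secret.Data["serviceAccountKey"] = []byte("not-valid-json")
+It("should fail when serviceaccount.json is not valid JSON", func() {
+secret.Data["serviceaccount.json"] = []byte("not-valid-json")
 errors := ValidateProviderSpecNSecret(providerSpec, secret)
 Expect(errors).NotTo(BeEmpty())
 Expect(errors[0].Error()).To(ContainSubstring("must be valid JSON"))
 })
 
-It("should fail when serviceAccountKey is malformed JSON (missing closing brace)", func() {
-secret.Data["serviceAccountKey"] = []byte(`{"credentials":{"iss":"test"`)
+It("should fail when serviceaccount.json is malformed JSON (missing closing brace)", func() {
+secret.Data["serviceaccount.json"] = []byte(`{"credentials":{"iss":"test"`)
 errors := ValidateProviderSpecNSecret(providerSpec, secret)
 Expect(errors).NotTo(BeEmpty())
 Expect(errors[0].Error()).To(ContainSubstring("must be valid JSON"))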
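Review bot: The two invalid-JSON cases in the second hunk assert only `ContainSubstring("must be valid JSON")`, so unlike every other case here they do not pin which secret key the error names and would pass with either the old or the new field name in the message. Asserting the key as the UUID case does, e.g. `ContainSubstring("serviceaccount.json' must be valid JSON")`, would make the rename verifiable for that branch too. The descriptions `It("should fail when projectId is empty in secret", ...)` and `It("should fail when projectId is not a valid UUID", ...)` also keep the old name while the serviceAccountKey descriptions were renamed; use `project-id` there for consistency. The last `It` block continues past the end of the hunk.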

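--- a/pkg/provider/apis/validation/validation_volumes_test.go
+++ b/pkg/provider/apis/validation/validation_volumes_test.go
@@ -26,9 +26,9 @@ var _ = Describe("ValidateProviderSpecNSecret", func() {
 }
 secret = &corev1.Secret{
 Data: map[string][]byte{
-"projectId": []byte("11111111-2222-3333-4444-555555555555"),
-"serviceAccountKey": []byte(`{"credentials":{"iss":"test"}}`),
-"region": []byte("eu01-1"),
+"project-id": []byte("11111111-2222-3333-4444-555555555555"),
+"serviceaccount.json": []byte(`{"credentials":{"iss":"test"}}`),
+"region": []byte("eu01-1"),
 },
 }
 })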

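--- a/pkg/provider/core.go
+++ b/pkg/provider/core.go
@@ -51,8 +51,8 @@ func (p *Provider) CreateMachine(ctx context.Context, req *driver.CreateMachineR
 }
 
 // Extract credentials from Secret
-projectID := string(req.Secret.Data["projectId"])
-serviceAccountKey := string(req.Secret.Data["serviceAccountKey"])
+projectID := string(req.Secret.Data["project-id"])
+serviceAccountKey := string(req.Secret.Data["serviceaccount.json"])
 region := string(req.Secret.Data["region"])
 
 // Initialize client on first use (lazy initialization)
@@ -210,7 +210,7 @@ func (p *Provider) DeleteMachine(ctx context.Context, req *driver.DeleteMachineR
 }
 
 // Extract credentials from Secret
-serviceAccountKey := string(req.Secret.Data["serviceAccountKey"])
+serviceAccountKey := string(req.Secret.Data["serviceaccount.json"])
 region := string(req.Secret.Data["region"])
 
 // Initialize client on first use (lazy initialization)
@@ -220,6 +220,9 @@ func (p *Provider) DeleteMachine(ctx context.Context, req *driver.DeleteMachineR
 
 // Parse ProviderID to extract projectID and serverID
 projectID, serverID, err := parseProviderID(req.Machine.Spec.ProviderID)
+if projectID == "" {
+projectID = string(req.Secret.Data["project-id"])
+}
 if err != nil {
 return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("invalid ProviderID format: %v", err))
 }
@@ -269,7 +272,7 @@ func (p *Provider) GetMachineStatus(ctx context.Context, req *driver.GetMachineS
 }
 
 // Extract credentials from Secret
-serviceAccountKey := string(req.Secret.Data["serviceAccountKey"])
+serviceAccountKey := string(req.Secret.Data["serviceaccount.json"])
 region := string(req.Secret.Data["region"])
 
 // Initialize client on first use (lazy initialization)
@@ -280,6 +283,9 @@ func (p *Provider) GetMachineStatus(ctx context.Context, req *driver.GetMachineS
 // Parse ProviderID to extract projectID and serverID
 // Expected format: stackit://<projectId>/<serverId>
 projectID, serverID, err := parseProviderID(req.Machine.Spec.ProviderID)
+if projectID == "" {
+projectID = string(req.Secret.Data["project-id"])
+}
 if err != nil {
 return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("invalid ProviderID format: %v", err))
 }
@@ -322,8 +328,8 @@ func (p *Provider) ListMachines(ctx context.Context, req *driver.ListMachinesReq
 defer klog.V(2).Infof("List machines request has been processed for %q", req.MachineClass.Name)
 
 // Extract credentials from Secret
-projectID := string(req.Secret.Data["projectId"])
-serviceAccountKey := string(req.Secret.Data["serviceAccountKey"])
+projectID := string(req.Secret.Data["project-id"])
+serviceAccountKey := string(req.Secret.Data["serviceaccount.json"])
 region := string(req.Secret.Data["region"])
 
 // Initialize client on first use (lazy initialization)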
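Review bot: In DeleteMachine (hunk at old line 220) and again in GetMachineStatus (hunk at old line 280), the added fallback `if projectID == "" { projectID = string(req.Secret.Data["project-id"]) }` runs before the `err` returned by parseProviderID is checked. On a parse failure the function returns InvalidArgument regardless, so the assignment has no effect there, and if parseProviderID reports an empty project segment as an error (its body is not visible here) the fallback can never apply. Move the `if err != nil` return directly under the parseProviderID call and place the fallback after it. The value taken from the secret is used without the UUID check that validation.go performs, and it decides which project a delete or status call targets, so a `klog` line when the fallback is taken would help audit it. Both function bodies extend beyond these hunks.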

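--- a/pkg/provider/core_create_machine_basic_test.go
+++ b/pkg/provider/core_create_machine_basic_test.go
@@ -41,10 +41,10 @@ var _ = Describe("CreateMachine", func() {
 // Create secret with projectId and networkId (required for v2 API)
 secret = &corev1.Secret{
 Data: map[string][]byte{
-"projectId": []byte("11111111-2222-3333-4444-555555555555"),
-"serviceAccountKey": []byte(`{"credentials":{"iss":"test"}}`),
-"region": []byte("eu01-1"),
-"networkId": []byte("770e8400-e29b-41d4-a716-446655440000"),
+"project-id": []byte("11111111-2222-3333-4444-555555555555"),
+"serviceaccount.json": []byte(`{"credentials":{"iss":"test"}}`),
+"region": []byte("eu01-1"),
+"networkId": []byte("770e8400-e29b-41d4-a716-446655440000"),
 },
 }
 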
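--- a/pkg/provider/core_create_machine_config_test.go
+++ b/pkg/provider/core_create_machine_config_test.go
@@ -38,10 +38,10 @@ var _ = Describe("CreateMachine", func() {
 // Create secret with projectId and networkId (required for v2 API)
 secret = &corev1.Secret{
 Data: map[string][]byte{
-"projectId": []byte("11111111-2222-3333-4444-555555555555"),
-"serviceAccountKey": []byte(`{"credentials":{"iss":"test"}}`),
-"region": []byte("eu01-1"),
-"networkId": []byte("770e8400-e29b-41d4-a716-446655440000"),
+"project-id": []byte("11111111-2222-3333-4444-555555555555"),
+"serviceaccount.json": []byte(`{"credentials":{"iss":"test"}}`),
+"region": []byte("eu01-1"),
+"networkId": []byte("770e8400-e29b-41d4-a716-446655440000"),
 },
 }
 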