Fix typo

isindir · Jun 12, 2024 · 48b26ae · 48b26ae
1 parent 9d51150
commit 48b26ae
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 20 deletions.
diff --git a/api/v1alpha3/sopssecret_types.go b/api/v1alpha3/sopssecret_types.go
@@ -22,20 +22,21 @@ type SopsSecretSpec struct {
 	// Secrets template is a list of definitions to create Kubernetes Secrets
 	//+kubebuilder:validation:MinItems=1
 	//+required
-	SecretsTemplate []SopsSecretTemplate `json:"secretTemplates"`
+	SecretTemplates []SopsSecretTemplate `json:"secretTemplates"`
 
 	// This flag tells the controller to suspend the reconciliation of this source.
 	//+optional
 	Suspend bool `json:"suspend,omitempty"`
 
 	// EnforceNamespace can be used to enforce the creation of the secrets in the same namespace as the SopsSecret resource.
-	// Must be used together with Spec.Namespace
-	EnforceNamespace bool `json:"enforce_namespace,omitempty"`
+	// Must be used together with Spec.SecretTemplatesEnforcedNamespace
+	//+optional
+	EnforceNamespace bool `json:"enforceNamespace,omitempty"`
 
-	// Namespace can be used to enforce the creation of the secrets in the same namespace as the SopsSecret resource.
+	// SecretTemplatesEnforcedNamespace can be used to enforce the creation of the secrets in the same namespace as the SopsSecret resource.
 	// Must have same value as the SopsSecret resource namespace and EnforceNamespace must be set to true.
 	//+optional
-	Namespace string `json:"namespace,omitempty"`
+	SecretTemplatesEnforcedNamespace string `json:"secretTemplatesEnforcedNamespace,omitempty"`
 }
 
 // SopsSecretTemplate defines the map of secrets to create
@@ -44,6 +45,11 @@ type SopsSecretTemplate struct {
 	//+required
 	Name string `json:"name"`
 
+	// EnforceNamespace can be used to enforce the creation of the secrets in the same namespace as the SopsSecret resource.
+	// Must be used together with Spec.Namespace
+	//+optional
+	Namespace string `json:"namespace,omitempty"`
+
 	// Annotations to apply to Kubernetes secret
 	//+optional
 	Annotations map[string]string `json:"annotations,omitempty"`

diff --git a/api/v1alpha3/zz_generated.deepcopy.go b/api/v1alpha3/zz_generated.deepcopy.go
diff --git a/config/crd/bases/isindir.github.com_sopssecrets.yaml b/config/crd/bases/isindir.github.com_sopssecrets.yaml
@@ -535,16 +535,11 @@ spec:
           spec:
             description: SopsSecret Spec definition
             properties:
-              enforce_namespace:
+              enforceNamespace:
                 description: |-
                   EnforceNamespace can be used to enforce the creation of the secrets in the same namespace as the SopsSecret resource.
-                  Must be used together with Spec.Namespace
+                  Must be used together with Spec.SecretTemplatesEnforcedNamespace
                 type: boolean
-              namespace:
-                description: |-
-                  Namespace can be used to enforce the creation of the secrets in the same namespace as the SopsSecret resource.
-                  Must have same value as the SopsSecret resource namespace and EnforceNamespace must be set to true.
-                type: string
               secretTemplates:
                 description: Secrets template is a list of definitions to create Kubernetes
                   Secrets
@@ -571,6 +566,11 @@ spec:
                     name:
                       description: Name of the Kubernetes secret to create
                       type: string
+                    namespace:
+                      description: |-
+                        EnforceNamespace can be used to enforce the creation of the secrets in the same namespace as the SopsSecret resource.
+                        Must be used together with Spec.Namespace
+                      type: string
                     stringData:
                       additionalProperties:
                         type: string
@@ -590,6 +590,11 @@ spec:
                   type: object
                 minItems: 1
                 type: array
+              secretTemplatesEnforcedNamespace:
+                description: |-
+                  SecretTemplatesEnforcedNamespace can be used to enforce the creation of the secrets in the same namespace as the SopsSecret resource.
+                  Must have same value as the SopsSecret resource namespace and EnforceNamespace must be set to true.
+                type: string
               suspend:
                 description: This flag tells the controller to suspend the reconciliation
                   of this source.

diff --git a/internal/controllers/sopssecret_controller.go b/internal/controllers/sopssecret_controller.go
@@ -88,7 +88,7 @@ func (r *SopsSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 
 	// Iterate over secret templates
 	r.Log.V(1).Info("Entering template data loop", "sopssecret", req.NamespacedName)
-	for _, secretTemplate := range plainTextSopsSecret.Spec.SecretsTemplate {
+	for _, secretTemplate := range plainTextSopsSecret.Spec.SecretTemplates {
 
 		kubeSecretFromTemplate, rescheduleReconcileLoop := r.newKubeSecretFromTemplate(ctx, req, encryptedSopsSecret, plainTextSopsSecret, &secretTemplate)
 		if rescheduleReconcileLoop {
@@ -262,7 +262,7 @@ func (r *SopsSecretReconciler) newKubeSecretFromTemplate(
 	encryptedSopsSecret *isindirv1alpha3.SopsSecret,
 	plainTextSopsSecret *isindirv1alpha3.SopsSecret,
 	secretTemplate *isindirv1alpha3.SopsSecretTemplate,
-) (*corev1.Secret, bool) {
+) (secret *corev1.Secret, reschedule bool) {
 
 	// Define a new secret object
 	kubeSecretFromTemplate, err := createKubeSecretFromTemplate(plainTextSopsSecret, secretTemplate, r.Log)
@@ -374,7 +374,7 @@ func createKubeSecretFromTemplate(
 		return nil, fmt.Errorf("createKubeSecretFromTemplate(): secret template name must be specified and not empty string")
 	}
 
-	if sopsSecret.Spec.EnforceNamespace && sopsSecret.Spec.Namespace != sopsSecret.Namespace {
+	if sopsSecret.Spec.EnforceNamespace && sopsSecret.Spec.SecretTemplatesEnforcedNamespace != sopsSecret.Namespace {
 		return nil, fmt.Errorf("createKubeSecretFromTemplate(): secret template enforced namespace must be the same as the sopssecret namespace")
 	}
 

diff --git a/internal/controllers/sopssecret_controller_test.go b/internal/controllers/sopssecret_controller_test.go
@@ -88,7 +88,7 @@ var _ = Describe("SopssecretController", func() {
 				},
 				Spec: isindirv1alpha3.SopsSecretSpec{
 					Suspend:         true,
-					SecretsTemplate: []isindirv1alpha3.SopsSecretTemplate{},
+					SecretTemplates: []isindirv1alpha3.SopsSecretTemplate{},
 				},
 			}
 			Expect(controller.K8sClient.Create(ctx, sopsSecret)).NotTo(Succeed())
@@ -165,8 +165,8 @@ var _ = Describe("SopssecretController", func() {
 			By("By removing secret template from SopsSecret must remove managed k8s secret")
 			// Delete template from SopsSecret and update
 			// Delete target secret (envtest will not perform garbage collection)
-			copy(sourceSopsSecret.Spec.SecretsTemplate[0:], sourceSopsSecret.Spec.SecretsTemplate[1:])
-			sourceSopsSecret.Spec.SecretsTemplate = sourceSopsSecret.Spec.SecretsTemplate[:len(sourceSopsSecret.Spec.SecretsTemplate)-1]
+			copy(sourceSopsSecret.Spec.SecretTemplates[0:], sourceSopsSecret.Spec.SecretTemplates[1:])
+			sourceSopsSecret.Spec.SecretTemplates = sourceSopsSecret.Spec.SecretTemplates[:len(sourceSopsSecret.Spec.SecretTemplates)-1]
 			Expect(controller.K8sClient.Update(ctx, sourceSopsSecret)).To(Succeed())
 			testSecret = &corev1.Secret{}
 			tagrgetSecretNamespacedName = &types.NamespacedName{Namespace: "default", Name: "test-stringdata-token"}