Merge pull request #156 from dariozachow/fix/hooksecret-as-reference

fix(project/hook)!: hooksecret as reference

apis/generate.go

@@ -32,7 +32,6 @@ limitations under the License.
 package apis
 
 import (
-	_ "sigs.k8s.io/controller-tools/cmd/controller-gen" //nolint:typecheck
-
 	_ "github.com/crossplane/crossplane-tools/cmd/angryjet" //nolint:typecheck
+	_ "sigs.k8s.io/controller-tools/cmd/controller-gen"     //nolint:typecheck
 )

apis/projects/v1alpha1/hook_types.go

@@ -89,8 +89,11 @@ type HookParameters struct {
 	EnableSSLVerification *bool `json:"enableSslVerification,omitempty"`
 
 	// Token is the secret token to validate received payloads.
-	// +optional
-	Token *string `json:"token,omitempty"`
+	Token *Token `json:"token"`
+}
+
+type Token struct {
+	SecretRef *xpv1.SecretKeySelector `json:"secretRef"`
 }
 
 // HookObservation represents a project hook.

go.mod

@@ -71,7 +71,7 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.26.0
 	golang.org/x/mod v0.14.0 // indirect
-	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/net v0.23.0
 	golang.org/x/oauth2 v0.21.0 // indirect
 	golang.org/x/sys v0.20.0 // indirect
 	golang.org/x/term v0.18.0 // indirect

package/crds/projects.gitlab.crossplane.io_hooks.yaml

@@ -192,14 +192,36 @@ spec:
                     type: boolean
                   token:
                     description: Token is the secret token to validate received payloads.
-                    type: string
+                    properties:
+                      secretRef:
+                        description: A SecretKeySelector is a reference to a secret
+                          key in an arbitrary namespace.
+                        properties:
+                          key:
+                            description: The key to select.
+                            type: string
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        - namespace
+                        type: object
+                    required:
+                    - secretRef
+                    type: object
                   url:
                     description: URL is the hook URL.
                     type: string
                   wikiPageEvents:
                     description: WikiPageEvents triggers hook on wiki events.
                     type: boolean
                 required:
+                - token
                 - url
                 type: object
               managementPolicies:

pkg/clients/projects/hook.go

@@ -20,8 +20,13 @@ import (
 	"strings"
 
 	"github.com/google/go-cmp/cmp"
+	"github.com/pkg/errors"
 	"github.com/xanzy/go-gitlab"
+	"golang.org/x/net/context"
+	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/crossplane-contrib/provider-gitlab/apis/projects/v1alpha1"
 	"github.com/crossplane-contrib/provider-gitlab/pkg/clients"
@@ -114,7 +119,13 @@ func GenerateHookObservation(hook *gitlab.ProjectHook) v1alpha1.HookObservation
 }
 
 // GenerateCreateHookOptions generates project creation options
-func GenerateCreateHookOptions(p *v1alpha1.HookParameters) *gitlab.AddProjectHookOptions {
+func GenerateCreateHookOptions(p *v1alpha1.HookParameters, client client.Client, ctx context.Context) (*gitlab.AddProjectHookOptions, error) {
+	token, err := getTokenValueFromSecret(p, client, ctx)
+
+	if err != nil {
+		return nil, err
+	}
+
 	hook := &gitlab.AddProjectHookOptions{
 		URL:                      p.URL,
 		ConfidentialNoteEvents:   p.ConfidentialNoteEvents,
@@ -129,14 +140,39 @@ func GenerateCreateHookOptions(p *v1alpha1.HookParameters) *gitlab.AddProjectHoo
 		PipelineEvents:           p.PipelineEvents,
 		WikiPageEvents:           p.WikiPageEvents,
 		EnableSSLVerification:    p.EnableSSLVerification,
-		Token:                    p.Token,
+		Token:                    token,
 	}
 
-	return hook
+	return hook, nil
+}
+
+func getTokenValueFromSecret(p *v1alpha1.HookParameters, client client.Client, ctx context.Context) (*string, error) {
+	secret := &v1.Secret{}
+
+	if err := client.Get(ctx, types.NamespacedName{Name: p.Token.SecretRef.Name, Namespace: p.Token.SecretRef.Namespace}, secret); err != nil {
+		return nil, errors.Wrap(err, "Cannot get referenced Secret")
+
+	}
+
+	value := secret.Data[p.Token.SecretRef.Key]
+
+	if value == nil {
+		return nil, errors.Errorf("Could not find key %v in the referenced secret", p.Token.SecretRef.Key)
+	}
+
+	data := string(value)
+
+	return &data, nil
 }
 
 // GenerateEditHookOptions generates project edit options
-func GenerateEditHookOptions(p *v1alpha1.HookParameters) *gitlab.EditProjectHookOptions {
+func GenerateEditHookOptions(p *v1alpha1.HookParameters, client client.Client, ctx context.Context) (*gitlab.EditProjectHookOptions, error) {
+	token, err := getTokenValueFromSecret(p, client, ctx)
+
+	if err != nil {
+		return nil, err
+	}
+
 	o := &gitlab.EditProjectHookOptions{
 		URL:                      p.URL,
 		ConfidentialNoteEvents:   p.ConfidentialNoteEvents,
@@ -151,10 +187,10 @@ func GenerateEditHookOptions(p *v1alpha1.HookParameters) *gitlab.EditProjectHook
 		PipelineEvents:           p.PipelineEvents,
 		WikiPageEvents:           p.WikiPageEvents,
 		EnableSSLVerification:    p.EnableSSLVerification,
-		Token:                    p.Token,
+		Token:                    token,
 	}
 
-	return o
+	return o, nil
 }
 
 // IsHookUpToDate checks whether there is a change in any of the modifiable fields.