

Add support aws secretmanager authentication (#5162)
Signed-off-by: geoffrey1330 <[email protected]>
Signed-off-by: Jorge Turrado <[email protected]>
Signed-off-by: Jorge Turrado Ferrero <[email protected]>
Signed-off-by: Jorge Turrado <[email protected]>
Signed-off-by: Geoffrey Israel <[email protected]>
Co-authored-by: Jorge Turrado Ferrero <[email protected]>
Co-authored-by: Jorge Turrado <[email protected]>
3 people authored Jan 12, 2024
1 parent a99c79e commit ef23ace
Showing 64 changed files with 18,492 additions and 69 deletions.
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -37,6 +37,9 @@ apiserver.local.config/
# VSCode specific files
.vscode

# certs folder
certs/

cover.out

# GO debug binaries
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -51,6 +51,7 @@ To learn more about active deprecations, we recommend checking [GitHub Discussio

### New

- **General**: Adds support for AWS Secret Manager as a source for TriggerAuthentication ([#4628](https://github.com/kedacore/keda/issues/4628))
- **General**: Introduce new AWS Authentication ([#4134](https://github.com/kedacore/keda/issues/4134))

#### Experimental
2 changes: 1 addition & 1 deletion apis/eventing/v1alpha1/zz_generated.deepcopy.go


34 changes: 34 additions & 0 deletions apis/keda/v1alpha1/triggerauthentication_types.go
Expand Up @@ -89,6 +89,9 @@ type TriggerAuthenticationSpec struct {

// +optional
AzureKeyVault *AzureKeyVault `json:"azureKeyVault,omitempty"`

// +optional
AwsSecretManager *AwsSecretManager `json:"awsSecretManager,omitempty"`
}

// TriggerAuthenticationStatus defines the observed state of TriggerAuthentication
Expand Down Expand Up @@ -297,6 +300,37 @@ type AzureKeyVaultCloudInfo struct {
ActiveDirectoryEndpoint string `json:"activeDirectoryEndpoint"`
}

// AwsSecretManager is used to authenticate using AwsSecretManager
type AwsSecretManager struct {
Secrets []AwsSecretManagerSecret `json:"secrets"`
// +optional
Credentials *AwsSecretManagerCredentials `json:"credentials"`
// +optional
PodIdentity *AuthPodIdentity `json:"podIdentity"`
// +optional
Region string `json:"region,omitempty"`
}

type AwsSecretManagerCredentials struct {
AccessKey *AwsSecretManagerValue `json:"accessKey"`
AccessSecretKey *AwsSecretManagerValue `json:"accessSecretKey"`
// +optional
AccessToken *AwsSecretManagerValue `json:"accessToken,omitempty"`
}

type AwsSecretManagerValue struct {
ValueFrom ValueFromSecret `json:"valueFrom"`
}

type AwsSecretManagerSecret struct {
Parameter string `json:"parameter"`
Name string `json:"name"`
// +optional
VersionID string `json:"versionId,omitempty"`
// +optional
VersionStage string `json:"versionStage,omitempty"`
}

func init() {
SchemeBuilder.Register(&ClusterTriggerAuthentication{}, &ClusterTriggerAuthenticationList{})
SchemeBuilder.Register(&TriggerAuthentication{}, &TriggerAuthenticationList{})
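Review bot: In the AwsSecretManager struct of the second hunk, the `Credentials` and `PodIdentity` pointer fields are marked `// +optional` but their JSON tags lack `omitempty`, unlike `Region` in the same struct and `AccessToken` in AwsSecretManagerCredentials, so an unset field is still emitted as `null` on marshal; the tags should read `Credentials *AwsSecretManagerCredentials `json:"credentials,omitempty"`` and `PodIdentity *AuthPodIdentity `json:"podIdentity,omitempty"``. The three new exported types AwsSecretManagerCredentials, AwsSecretManagerValue and AwsSecretManagerSecret carry no doc comment, which appears consistent with the rendered CRD schema showing no description under `credentials` and `secrets`; a one-line comment on each, for example `// AwsSecretManagerSecret maps one AWS Secrets Manager secret, selected by name and optional version, onto a trigger parameter.`, would document the API and feed the generated schema. The existing `// AwsSecretManager is used to authenticate using AwsSecretManager` only repeats the type name; it should state what the struct configures and, since nothing in the hunk says so and no validation marker enforces it, whether Credentials and PodIdentity are alternative credential sources and which one wins when both or neither are set.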
98 changes: 97 additions & 1 deletion apis/keda/v1alpha1/zz_generated.deepcopy.go


121 changes: 121 additions & 0 deletions config/crd/bases/keda.sh_clustertriggerauthentications.yaml
Expand Up @@ -59,6 +59,127 @@ spec:
spec:
description: TriggerAuthenticationSpec defines the various ways to authenticate
properties:
awsSecretManager:
description: AwsSecretManager is used to authenticate using AwsSecretManager
properties:
credentials:
properties:
accessKey:
properties:
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
required:
- key
- name
type: object
required:
- secretKeyRef
type: object
required:
- valueFrom
type: object
accessSecretKey:
properties:
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
required:
- key
- name
type: object
required:
- secretKeyRef
type: object
required:
- valueFrom
type: object
accessToken:
properties:
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
required:
- key
- name
type: object
required:
- secretKeyRef
type: object
required:
- valueFrom
type: object
required:
- accessKey
- accessSecretKey
type: object
podIdentity:
description: AuthPodIdentity allows users to select the platform
native identity mechanism
properties:
identityId:
type: string
identityOwner:
description: IdentityOwner configures which identity has to
be used during auto discovery, keda or the scaled workload.
Mutually exclusive with roleArn
enum:
- keda
- workload
type: string
provider:
description: PodIdentityProvider contains the list of providers
enum:
- azure
- azure-workload
- gcp
- aws
- aws-eks
- aws-kiam
type: string
roleArn:
description: RoleArn sets the AWS RoleArn to be used. Mutually
exclusive with IdentityOwner
type: string
required:
- provider
type: object
region:
type: string
secrets:
items:
properties:
name:
type: string
parameter:
type: string
versionId:
type: string
versionStage:
type: string
required:
- name
- parameter
type: object
type: array
required:
- secrets
type: object
azureKeyVault:
description: AzureKeyVault is used to authenticate using Azure Key
Vault
