feat(trait): set env as configmaps/secrets

Closes apache#5522
squakez · Aug 13, 2024 · 6a180d7 · 6a180d7
1 parent e039e22
commit 6a180d7
Show file tree

Hide file tree

Showing 15 changed files with 117 additions and 39 deletions.
diff --git a/addons/vault/aws/aws_secrets_manager.go b/addons/vault/aws/aws_secrets_manager.go
@@ -18,7 +18,6 @@ limitations under the License.
 package aws
 
 import (
-	"regexp"
 	"strconv"
 
 	"github.com/apache/camel-k/v2/pkg/util/kubernetes"
@@ -105,7 +104,6 @@ func (t *awsSecretsManagerTrait) Configure(environment *trait.Environment) (bool
 }
 
 func (t *awsSecretsManagerTrait) Apply(environment *trait.Environment) error {
-	rex := regexp.MustCompile(`^(configmap|secret):([a-zA-Z0-9][a-zA-Z0-9-]*)(/([a-zA-Z0-9].*))?$`)
 	if environment.IntegrationInPhase(v1.IntegrationPhaseInitialization) {
 		util.StringSliceUniqueAdd(&environment.Integration.Status.Capabilities, v1.CapabilityAwsSecretsManager)
 	}
@@ -114,7 +112,7 @@ func (t *awsSecretsManagerTrait) Apply(environment *trait.Environment) error {
 		return nil
 	}
 
-	hits := rex.FindAllStringSubmatch(t.AccessKey, -1)
+	hits := v1.PlainConfigSecretRegexp.FindAllStringSubmatch(t.AccessKey, -1)
 	if len(hits) >= 1 {
 		var res, _ = v1.DecodeValueSource(t.AccessKey, "aws-access-key", "The access Key provided is not valid")
 		if secretValue, err := kubernetes.ResolveValueSource(environment.Ctx, environment.Client, environment.Platform.Namespace, &res); err != nil {
@@ -125,7 +123,7 @@ func (t *awsSecretsManagerTrait) Apply(environment *trait.Environment) error {
 	} else {
 		environment.ApplicationProperties["camel.vault.aws.accessKey"] = t.AccessKey
 	}
-	hits = rex.FindAllStringSubmatch(t.SecretKey, -1)
+	hits = v1.PlainConfigSecretRegexp.FindAllStringSubmatch(t.SecretKey, -1)
 	if len(hits) >= 1 {
 		var res, _ = v1.DecodeValueSource(t.SecretKey, "aws-secret-key", "The secret Key provided is not valid")
 		if secretValue, err := kubernetes.ResolveValueSource(environment.Ctx, environment.Client, environment.Platform.Namespace, &res); err != nil {

diff --git a/addons/vault/azure/azure_key_vault.go b/addons/vault/azure/azure_key_vault.go
@@ -18,7 +18,6 @@ limitations under the License.
 package azure
 
 import (
-	"regexp"
 	"strconv"
 
 	"github.com/apache/camel-k/v2/pkg/util/kubernetes"
@@ -81,10 +80,6 @@ type Trait struct {
 	BlobContainerName string `property:"blob-container-name" json:"blobContainerName,omitempty"`
 }
 
-var (
-	azureKeyValueRex = regexp.MustCompile(`^(configmap|secret):([a-zA-Z0-9][a-zA-Z0-9-]*)(/([a-zA-Z0-9].*))?$`)
-)
-
 type azureKeyVaultTrait struct {
 	trait.BaseTrait
 	Trait `property:",squash"`
@@ -130,7 +125,7 @@ func (t *azureKeyVaultTrait) Apply(environment *trait.Environment) error {
 		return nil
 	}
 
-	hits := azureKeyValueRex.FindAllStringSubmatch(t.ClientSecret, -1)
+	hits := v1.PlainConfigSecretRegexp.FindAllStringSubmatch(t.ClientSecret, -1)
 	if len(hits) >= 1 {
 		var res, _ = v1.DecodeValueSource(t.ClientSecret, "azure-key-vault-client-secret", "The Azure Key Vault Client Secret provided is not valid")
 		if secretValue, err := kubernetes.ResolveValueSource(environment.Ctx, environment.Client, environment.Platform.Namespace, &res); err != nil {
@@ -141,7 +136,7 @@ func (t *azureKeyVaultTrait) Apply(environment *trait.Environment) error {
 	} else {
 		environment.ApplicationProperties["camel.vault.azure.clientSecret"] = t.ClientSecret
 	}
-	hits = azureKeyValueRex.FindAllStringSubmatch(t.BlobAccessKey, -1)
+	hits = v1.PlainConfigSecretRegexp.FindAllStringSubmatch(t.BlobAccessKey, -1)
 	if len(hits) >= 1 {
 		var res, _ = v1.DecodeValueSource(t.BlobAccessKey, "azure-storage-blob-access-key", "The Azure Storage Blob Access Key provided is not valid")
 		if secretValue, err := kubernetes.ResolveValueSource(environment.Ctx, environment.Client, environment.Platform.Namespace, &res); err != nil {

diff --git a/addons/vault/hashicorp/hashicorp_vault.go b/addons/vault/hashicorp/hashicorp_vault.go
@@ -18,8 +18,6 @@ limitations under the License.
 package hashicorp
 
 import (
-	"regexp"
-
 	v1 "github.com/apache/camel-k/v2/pkg/apis/camel/v1"
 	traitv1 "github.com/apache/camel-k/v2/pkg/apis/camel/v1/trait"
 	"github.com/apache/camel-k/v2/pkg/trait"
@@ -81,7 +79,6 @@ func (t *hashicorpVaultTrait) Configure(environment *trait.Environment) (bool, *
 }
 
 func (t *hashicorpVaultTrait) Apply(environment *trait.Environment) error {
-	rex := regexp.MustCompile(`^(configmap|secret):([a-zA-Z0-9][a-zA-Z0-9-]*)(/([a-zA-Z0-9].*))?$`)
 	if environment.IntegrationInPhase(v1.IntegrationPhaseInitialization) {
 		util.StringSliceUniqueAdd(&environment.Integration.Status.Capabilities, v1.CapabilityHashicorpVault)
 	}
@@ -90,7 +87,7 @@ func (t *hashicorpVaultTrait) Apply(environment *trait.Environment) error {
 		return nil
 	}
 
-	hits := rex.FindAllStringSubmatch(t.Token, -1)
+	hits := v1.PlainConfigSecretRegexp.FindAllStringSubmatch(t.Token, -1)
 	if len(hits) >= 1 {
 		var res, _ = v1.DecodeValueSource(t.Token, "hashicorp-vault-token", "The Hashicorp Vault Token provided is not valid")
 

diff --git a/docs/modules/ROOT/partials/apis/camel-k-crds.adoc b/docs/modules/ROOT/partials/apis/camel-k-crds.adoc
@@ -6906,8 +6906,9 @@ Propagates the `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` environment variables
 
 
 A list of environment variables to be added to the integration container.
-The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`.
-These take precedence over the previously defined environment variables.
+The syntax is either VAR=VALUE or VAR=[configmap{vbar}secret]:name/key, where name represents the resource name,
+and key represents the resource key to be mapped as and environment variable.
+These take precedence over any previously defined environment variables.
 
 
 |===

diff --git a/docs/modules/traits/pages/environment.adoc b/docs/modules/traits/pages/environment.adoc
@@ -41,8 +41,9 @@ The following configuration options are available:
 | environment.vars
 | []string
 | A list of environment variables to be added to the integration container.
-The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`.
-These take precedence over the previously defined environment variables.
+The syntax is either VAR=VALUE or VAR=[configmap\|secret]:name/key, where name represents the resource name,
+and key represents the resource key to be mapped as and environment variable.
+These take precedence over any previously defined environment variables.
 
 |===
 

diff --git a/pkg/apis/camel/v1/common_types_support.go b/pkg/apis/camel/v1/common_types_support.go
@@ -30,6 +30,8 @@ import (
 	"github.com/imdario/mergo"
 )
 
+var PlainConfigSecretRegexp = regexp.MustCompile(`^(configmap|secret):([a-zA-Z0-9][a-zA-Z0-9-]*)(/([a-zA-Z0-9].*))?$`)
+
 func (in *Artifact) String() string {
 	return in.ID
 }
@@ -224,8 +226,7 @@ func (bc *BuildConfiguration) IsEmpty() bool {
 // DecodeValueSource returns a ValueSource object from an input that respects the format configmap|secret:resource-name[/path].
 func DecodeValueSource(input string, defaultKey string, errorMessage string) (ValueSource, error) {
 	sub := make([]string, 0)
-	rex := regexp.MustCompile(`^(configmap|secret):([a-zA-Z0-9][a-zA-Z0-9-]*)(/([a-zA-Z0-9].*))?$`)
-	hits := rex.FindAllStringSubmatch(input, -1)
+	hits := PlainConfigSecretRegexp.FindAllStringSubmatch(input, -1)
 
 	for _, hit := range hits {
 		if len(hit) > 1 {

diff --git a/pkg/apis/camel/v1/trait/environment.go b/pkg/apis/camel/v1/trait/environment.go
@@ -28,7 +28,8 @@ type EnvironmentTrait struct {
 	// Propagates the `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` environment variables (default `true`)
 	HTTPProxy *bool `property:"http-proxy" json:"httpProxy,omitempty"`
 	// A list of environment variables to be added to the integration container.
-	// The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`.
-	// These take precedence over the previously defined environment variables.
+	// The syntax is either VAR=VALUE or VAR=[configmap|secret]:name/key, where name represents the resource name,
+	// and key represents the resource key to be mapped as and environment variable.
+	// These take precedence over any previously defined environment variables.
 	Vars []string `property:"vars" json:"vars,omitempty"`
 }
diff --git a/pkg/resources/config/crd/bases/camel.apache.org_integrationplatforms.yaml b/pkg/resources/config/crd/bases/camel.apache.org_integrationplatforms.yaml
@@ -993,8 +993,9 @@ spec:
                       vars:
                         description: |-
                           A list of environment variables to be added to the integration container.
-                          The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`.
-                          These take precedence over the previously defined environment variables.
+                          The syntax is either VAR=VALUE or VAR=[configmap|secret]:name/key, where name represents the resource name,
+                          and key represents the resource key to be mapped as and environment variable.
+                          These take precedence over any previously defined environment variables.
                         items:
                           type: string
                         type: array
@@ -3091,8 +3092,9 @@ spec:
                       vars:
                         description: |-
                           A list of environment variables to be added to the integration container.
-                          The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`.
-                          These take precedence over the previously defined environment variables.
+                          The syntax is either VAR=VALUE or VAR=[configmap|secret]:name/key, where name represents the resource name,
+                          and key represents the resource key to be mapped as and environment variable.
+                          These take precedence over any previously defined environment variables.
                         items:
                           type: string
                         type: array

diff --git a/pkg/resources/config/crd/bases/camel.apache.org_integrationprofiles.yaml b/pkg/resources/config/crd/bases/camel.apache.org_integrationprofiles.yaml
@@ -868,8 +868,9 @@ spec:
                       vars:
                         description: |-
                           A list of environment variables to be added to the integration container.
-                          The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`.
-                          These take precedence over the previously defined environment variables.
+                          The syntax is either VAR=VALUE or VAR=[configmap|secret]:name/key, where name represents the resource name,
+                          and key represents the resource key to be mapped as and environment variable.
+                          These take precedence over any previously defined environment variables.
                         items:
                           type: string
                         type: array
@@ -2848,8 +2849,9 @@ spec:
                       vars:
                         description: |-
                           A list of environment variables to be added to the integration container.
-                          The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`.
-                          These take precedence over the previously defined environment variables.
+                          The syntax is either VAR=VALUE or VAR=[configmap|secret]:name/key, where name represents the resource name,
+                          and key represents the resource key to be mapped as and environment variable.
+                          These take precedence over any previously defined environment variables.
                         items:
                           type: string
                         type: array

diff --git a/pkg/resources/config/crd/bases/camel.apache.org_integrations.yaml b/pkg/resources/config/crd/bases/camel.apache.org_integrations.yaml
@@ -6884,8 +6884,9 @@ spec:
                       vars:
                         description: |-
                           A list of environment variables to be added to the integration container.
-                          The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`.
-                          These take precedence over the previously defined environment variables.
+                          The syntax is either VAR=VALUE or VAR=[configmap|secret]:name/key, where name represents the resource name,
+                          and key represents the resource key to be mapped as and environment variable.
+                          These take precedence over any previously defined environment variables.
                         items:
                           type: string
                         type: array

diff --git a/pkg/resources/config/crd/bases/camel.apache.org_kameletbindings.yaml b/pkg/resources/config/crd/bases/camel.apache.org_kameletbindings.yaml
@@ -6955,8 +6955,9 @@ spec:
                           vars:
                             description: |-
                               A list of environment variables to be added to the integration container.
-                              The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`.
-                              These take precedence over the previously defined environment variables.
+                              The syntax is either VAR=VALUE or VAR=[configmap|secret]:name/key, where name represents the resource name,
+                              and key represents the resource key to be mapped as and environment variable.
+                              These take precedence over any previously defined environment variables.
                             items:
                               type: string
                             type: array

diff --git a/pkg/resources/config/crd/bases/camel.apache.org_pipes.yaml b/pkg/resources/config/crd/bases/camel.apache.org_pipes.yaml
@@ -6953,8 +6953,9 @@ spec:
                           vars:
                             description: |-
                               A list of environment variables to be added to the integration container.
-                              The syntax is KEY=VALUE, e.g., `MY_VAR="my value"`.
-                              These take precedence over the previously defined environment variables.
+                              The syntax is either VAR=VALUE or VAR=[configmap|secret]:name/key, where name represents the resource name,
+                              and key represents the resource key to be mapped as and environment variable.
+                              These take precedence over any previously defined environment variables.
                             items:
                               type: string
                             type: array

diff --git a/pkg/trait/environment.go b/pkg/trait/environment.go
@@ -22,6 +22,7 @@ import (
 
 	"k8s.io/utils/ptr"
 
+	v1 "github.com/apache/camel-k/v2/pkg/apis/camel/v1"
 	traitv1 "github.com/apache/camel-k/v2/pkg/apis/camel/v1/trait"
 	"github.com/apache/camel-k/v2/pkg/util/camel"
 	"github.com/apache/camel-k/v2/pkg/util/defaults"
@@ -102,7 +103,16 @@ func (t *environmentTrait) Apply(e *Environment) error {
 	if t.Vars != nil {
 		for _, env := range t.Vars {
 			k, v := property.SplitPropertyFileEntry(env)
-			envvar.SetVal(&e.EnvVars, k, v)
+			confs := v1.PlainConfigSecretRegexp.FindAllStringSubmatch(v, -1)
+			if len(confs) > 0 {
+				var res, err = v1.DecodeValueSource(v, "", "Invalid configuration "+v)
+				if err != nil {
+					return err
+				}
+				envvar.SetValFromValueSource(&e.EnvVars, k, res)
+			} else {
+				envvar.SetVal(&e.EnvVars, k, v)
+			}
 		}
 	}
 

diff --git a/pkg/trait/environment_test.go b/pkg/trait/environment_test.go
@@ -18,6 +18,7 @@ limitations under the License.
 package trait
 
 import (
+	"fmt"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -192,6 +193,45 @@ func TestCustomEnvVars(t *testing.T) {
 	assert.True(t, userK2)
 }
 
+func TestValueSourceEnvVars(t *testing.T) {
+	c, err := camel.DefaultCatalog()
+	require.NoError(t, err)
+
+	env := mockEnvironment(c)
+	env.Integration.Spec.Traits = v1.Traits{
+		Environment: &traitv1.EnvironmentTrait{
+			Vars: []string{"MY_VAR_1=secret:my-sec/my-sec-value", "MY_VAR_2=configmap:my-cm/my-cm-value"},
+		},
+	}
+	env.Platform.ResyncStatusFullConfig()
+
+	conditions, err := NewEnvironmentTestCatalog().apply(&env)
+	require.NoError(t, err)
+	assert.NotEmpty(t, conditions)
+
+	userK1 := false
+	userK2 := false
+
+	env.Resources.VisitDeployment(func(deployment *appsv1.Deployment) {
+		fmt.Println(deployment.Spec.Template.Spec.Containers[0].Env)
+		for _, e := range deployment.Spec.Template.Spec.Containers[0].Env {
+			if e.Name == "MY_VAR_1" {
+				userK1 = e.Value == "" &&
+					e.ValueFrom.SecretKeyRef.Name == "my-sec" &&
+					e.ValueFrom.SecretKeyRef.Key == "my-sec-value"
+			}
+			if e.Name == "MY_VAR_2" {
+				userK2 = e.Value == "" &&
+					e.ValueFrom.ConfigMapKeyRef.Name == "my-cm" &&
+					e.ValueFrom.ConfigMapKeyRef.Key == "my-cm-value"
+			}
+		}
+	})
+
+	assert.True(t, userK1)
+	assert.True(t, userK2)
+}
+
 func NewEnvironmentTestCatalog() *Catalog {
 	return NewCatalog(nil)
 }

diff --git a/pkg/util/envvar/envvar.go b/pkg/util/envvar/envvar.go
@@ -17,7 +17,10 @@ limitations under the License.
 
 package envvar
 
-import corev1 "k8s.io/api/core/v1"
+import (
+	v1 "github.com/apache/camel-k/v2/pkg/apis/camel/v1"
+	corev1 "k8s.io/api/core/v1"
+)
 
 // Get --.
 func Get(vars []corev1.EnvVar, name string) *corev1.EnvVar {
@@ -92,3 +95,27 @@ func SetValFrom(vars *[]corev1.EnvVar, name string, path string) {
 		})
 	}
 }
+
+// SetValFromValueSource --.
+func SetValFromValueSource(vars *[]corev1.EnvVar, name string, vs v1.ValueSource) {
+	var envVarSource *corev1.EnvVarSource
+	if vs.SecretKeyRef != nil {
+		envVarSource = &corev1.EnvVarSource{
+			SecretKeyRef: vs.SecretKeyRef,
+		}
+	} else if vs.ConfigMapKeyRef != nil {
+		envVarSource = &corev1.EnvVarSource{
+			ConfigMapKeyRef: vs.ConfigMapKeyRef,
+		}
+	}
+
+	if envVar := Get(*vars, name); envVar != nil {
+		envVar.Value = ""
+		envVar.ValueFrom = envVarSource
+	} else {
+		*vars = append(*vars, corev1.EnvVar{
+			Name:      name,
+			ValueFrom: envVarSource,
+		})
+	}
+}