[platform] Add secret selectors to app definitions (#1447)

## What this PR does

This patch expands the CozystackResourceDefinitions with new label
selector fields to include and exclude secrets by their labelsets. This
will enable application developers to selectively show application
secrets to end users or hide them from end users.

### Release note

```release-note
[platform] Add selectors for application secrets, offering developers
an API to control secret visibility for end users.
```

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added support for configuring secret visibility on resource
definitions using include/exclude label selectors. This lets you
precisely control which secrets are considered without affecting
existing setups.
* The configuration is optional; if not set, behavior remains unchanged.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Andrei Kvapil
2025-09-23 18:29:56 +02:00
committed by GitHub


@@ -32,7 +32,7 @@ type CozystackResourceDefinition struct {
// +kubebuilder:object:root=true
// CozystackResourceDefinitionList contains a list of CozystackResourceDefinition
// CozystackResourceDefinitionList contains a list of CozystackResourceDefinitions
type CozystackResourceDefinitionList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
@@ -48,6 +48,8 @@ type CozystackResourceDefinitionSpec struct {
Application CozystackResourceDefinitionApplication `json:"application"`
// Release configuration
Release CozystackResourceDefinitionRelease `json:"release"`
// Secret selectors
Secrets CozystackResourceDefinitionSecrets `json:"secrets,omitempty"`
}
type CozystackResourceDefinitionChart struct {
@@ -87,3 +89,15 @@ type CozystackResourceDefinitionRelease struct {
// Prefix for the release name
Prefix string `json:"prefix"`
}
type CozystackResourceDefinitionSecrets struct {
// Exclude contains an array of label selectors that target secrets.
// If a secret matches the selector in any of the elements in the array, it is
// hidden from the user, regardless of the matches in the include array.
Exclude []*metav1.LabelSelector `json:"exclude,omitempty"`
// Include contains an array of label selectors that target secrets.
// If a secret matches the selector in any of the elements in the array, and
// matches none of the selectors in the exclude array that secret is marked
// as a tenant secret and is visible to users.
Include []*metav1.LabelSelector `json:"include,omitempty"`
}
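Review bot: The doc comments on `Exclude` and `Include` in `CozystackResourceDefinitionSecrets` do not say what an empty or nil selector element means, and a field that decides which secrets tenants can see should state this explicitly. A `metav1.LabelSelector` that is empty (`{}`) matches every object and a nil one matches nothing, so a single `{}` entry in `include` would presumably mark every secret not caught by `exclude` as tenant-visible; the matching code is not shown on this page, so confirm how it handles both cases and nil pointers in the slices. I would extend the `Include` comment with something like `// An empty selector ({}) matches every secret; a nil entry matches none. With no include entries, no secret is marked as a tenant secret.`, adjusting the last sentence to what the controller actually does, and give the type itself a doc comment. Separately, `omitempty` on the non-pointer `Secrets` field in `CozystackResourceDefinitionSpec` has no effect in encoding/json, so the key is always serialized as `"secrets":{}`.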