update: example-ascp with --json-format and --k8s-secret (#221)

awslabs · Aug 19, 2024 · 74fc767 · 74fc767
1 parent 0757dd2
commit 74fc767
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 9 deletions.
diff --git a/pkg/application/example/ascp/ascp.go b/pkg/application/example/ascp/ascp.go
@@ -12,6 +12,8 @@ import (
 //
 
 func NewApp() *application.Application {
+	options, flags := newOptions()
+
 	return &application.Application{
 		Command: cmd.Command{
 			Parent:      "example",
@@ -31,19 +33,16 @@ func NewApp() *application.Application {
 			}),
 		},
 
+		Flags: flags,
+
 		Installer: &installer.ManifestInstaller{
 			AppName: "example-ascp",
 			ResourceTemplate: &template.TextTemplate{
 				Template: secretsProviderClassTemplate + serviceAccountTemplate + serviceAndDeploymentTemplate,
 			},
 		},
 
-		Options: &application.ApplicationOptions{
-			DisableServiceAccountFlag: true,
-			DisableVersionFlag:        true,
-			Namespace:                 "ascp",
-			ServiceAccount:            "nginx-deployment-sa",
-		},
+		Options: options,
 	}
 }
 

diff --git a/pkg/application/example/ascp/manifest.go b/pkg/application/example/ascp/manifest.go
@@ -1,6 +1,6 @@
 package ascp
 
-// https://github.com/aws/secrets-store-csi-driver-provider-aws/blob/main/examples/ExampleDeployment.yaml
+// https://github.com/aws/secrets-store-csi-driver-provider-aws/blob/main/examples/ExampleSecretProviderClass.yaml
 const secretsProviderClassTemplate = `---
 apiVersion: secrets-store.csi.x-k8s.io/v1
 kind: SecretProviderClass
@@ -10,8 +10,30 @@ spec:
   provider: aws
   parameters:
     objects: |
-        - objectName: "MySecret"
-          objectType: "secretsmanager"
+      - objectName: "MySecret"
+        objectType: "secretsmanager"
+{{- if .JSONFormat }}
+        jmesPath:
+          - path: "username"
+            objectAlias: "dbuser"
+          - path: "password"
+            objectAlias: "dbpass"
+{{- end }}
+{{- if .K8sSecret }}
+  secretObjects:
+  - data:
+  {{- if .JSONFormat }}
+    - key: dbuser
+      objectName: dbuser
+    - key: dbpass
+      objectName: dbpass
+  {{- else }}
+    - key: mysecret
+      objectName: MySecret
+  {{- end}}
+    secretName: nginx-deployment-aws-secrets
+    type: Opaque
+{{- end }}
 `
 
 const serviceAccountTemplate = `---

diff --git a/pkg/application/example/ascp/options.go b/pkg/application/example/ascp/options.go
@@ -0,0 +1,42 @@
+package ascp
+
+import (
+	"github.com/awslabs/eksdemo/pkg/application"
+	"github.com/awslabs/eksdemo/pkg/cmd"
+)
+
+type Options struct {
+	application.ApplicationOptions
+	JSONFormat bool
+	K8sSecret  bool
+}
+
+func newOptions() (options *Options, flags cmd.Flags) {
+	options = &Options{
+		ApplicationOptions: application.ApplicationOptions{
+			DisableServiceAccountFlag: true,
+			DisableVersionFlag:        true,
+			Namespace:                 "ascp",
+			ServiceAccount:            "nginx-deployment-sa",
+		},
+	}
+
+	flags = cmd.Flags{
+		&cmd.BoolFlag{
+			CommandFlag: cmd.CommandFlag{
+				Name:        "json-format",
+				Description: "mount key/value pairs from a secret in json format",
+			},
+			Option: &options.JSONFormat,
+		},
+		&cmd.BoolFlag{
+			CommandFlag: cmd.CommandFlag{
+				Name:        "k8s-secret",
+				Description: "create a Kubernetes Secret to mirror the mounted secret",
+			},
+			Option: &options.K8sSecret,
+		},
+	}
+
+	return
+}