feat: change references from dirien to pulumi
dirien committed Dec 10, 2024
1 parent 599317f commit 7b03317
Showing 14 changed files with 91 additions and 37 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/chart-publish.yaml
Expand Up @@ -75,6 +75,6 @@ jobs:
if [ -z "${pkg:-}" ]; then
break
fi
helm push "${pkg}" oci://ghcr.io/"${GITHUB_REPOSITORY_OWNER}"/charts |& tee .digest
helm push "${pkg}" oci://ghcr.io/pulumi/helm-charts |& tee .digest
cosign sign -y $(cat .digest | awk -F "[, ]+" '/Pushed/{print $NF}')
done
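Review bot: The new `helm push "${pkg}" oci://ghcr.io/pulumi/helm-charts |& tee .digest` line hides the push's exit status behind `tee`, so unless `pipefail` is active for this step (the step header is outside the hunk) a failed push is only noticed indirectly, when `cosign sign -y` receives an empty argument. The awk expression takes the last field of the `Pushed` line, which in Helm's output is the tag reference rather than the `Digest:` value, so the signature is requested by tag; signing `<repo>@sha256:<digest>` built from the `Digest:` line binds it to the exact artifact that was pushed. Replacing `${GITHUB_REPOSITORY_OWNER}` with a fixed `pulumi/helm-charts` also means a fork running this workflow targets the upstream path; if that is intended, a job-level `if: github.repository_owner == 'pulumi'` makes it explicit. The enclosing loop starts outside the hunk.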
25 changes: 25 additions & 0 deletions .golangci.yml
@@ -0,0 +1,25 @@
linters:
enable:
- deadcode
- errcheck
- goconst
- gofmt
- golint
- gosec
- govet
- ineffassign
- interfacer
- lll
- megacheck
- misspell
- nakedret
- structcheck
- unconvert
- varcheck
enable-all: false
run:
skip-files:
- schema.go
- pulumiManifest.go
timeout: 20m
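Review bot: Several entries in the new `enable` list (`deadcode`, `golint`, `interfacer`, `megacheck`, `structcheck`, `varcheck`) are linters that golangci-lint has deprecated and that recent releases deactivate or drop. Depending on the golangci-lint version CI runs (not visible on this page), they contribute warnings at best and no checks at worst. The maintained replacements are `unused`, `revive` and `staticcheck`; listing those keeps dead-code and style coverage alongside `gosec` and `errcheck`. `run.skip-files` is likewise superseded by `issues.exclude-files` in newer releases, and it is worth confirming that `schema.go` and `pulumiManifest.go` exist in this repository, since nothing else on the page references them.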

16 changes: 8 additions & 8 deletions .goreleaser.yaml
Expand Up @@ -45,7 +45,7 @@ signs:
output: true

dockers:
- image_templates: [ "ghcr.io/dirien/{{ .ProjectName }}:{{ .Version }}-amd64" ]
- image_templates: [ "ghcr.io/pulumi/{{ .ProjectName }}:{{ .Version }}-amd64" ]
dockerfile: Dockerfile
use: buildx
build_flag_templates:
Expand All @@ -57,7 +57,7 @@ dockers:
- --label=org.opencontainers.image.revision={{.FullCommit}}
- --label=org.opencontainers.image.version={{.Version}}
- --label=org.opencontainers.image.source={{.GitURL}}
- image_templates: [ "ghcr.io/dirien/{{ .ProjectName }}:{{ .Version }}-arm64" ]
- image_templates: [ "ghcr.io/pulumi/{{ .ProjectName }}:{{ .Version }}-arm64" ]
goarch: arm64
dockerfile: Dockerfile
use: buildx
Expand All @@ -72,14 +72,14 @@ dockers:
- --label=org.opencontainers.image.source={{.GitURL}}

docker_manifests:
- name_template: 'ghcr.io/dirien/{{ .ProjectName }}:{{ .Version }}'
- name_template: 'ghcr.io/pulumi/{{ .ProjectName }}:{{ .Version }}'
image_templates:
- 'ghcr.io/dirien/{{ .ProjectName }}:{{ .Version }}-amd64'
- 'ghcr.io/dirien/{{ .ProjectName }}:{{ .Version }}-arm64'
- name_template: 'ghcr.io/dirien/{{ .ProjectName }}:latest'
- 'ghcr.io/pulumi/{{ .ProjectName }}:{{ .Version }}-amd64'
- 'ghcr.io/pulumi/{{ .ProjectName }}:{{ .Version }}-arm64'
- name_template: 'ghcr.io/pulumi/{{ .ProjectName }}:latest'
image_templates:
- 'ghcr.io/dirien/{{ .ProjectName }}:{{ .Version }}-amd64'
- 'ghcr.io/dirien/{{ .ProjectName }}:{{ .Version }}-arm64'
- 'ghcr.io/pulumi/{{ .ProjectName }}:{{ .Version }}-amd64'
- 'ghcr.io/pulumi/{{ .ProjectName }}:{{ .Version }}-arm64'


docker_signs:
29 changes: 26 additions & 3 deletions README.md
@@ -1,7 +1,16 @@
# Pulumi ESC Secret Store CSI Driver
# Pulumi ESC Secret Store CSI Driver - 🔒

Pulumi ESC for the [Secrets Store CSI driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) will allow
you to mount Pulumi ESC secrets directly into your Kubernetes pods while not using k8s-native secretes in your
Kubernetes cluster.

## Getting Started

### Prerequisites

- Kubernetes version >= 1.20
- [Tilt](https://docs.tilt.dev/) (for local development)

### Deploy Secret Store CSI Driver using Helm

Secrets Store CSI Driver allows users to customize their installation via Helm.
Expand All @@ -21,7 +30,21 @@ namespace.
tilt up
```

### Deploy Pulumi ESC Secret Store CSI Driver - production
### Deploy Pulumi ESC Secret Store CSI Driver - Kubernetes

See [helm/README.md](chart/README.md) for instructions on how to deploy the Pulumi ESC Secret Store CSI Driver using
Helm.

## License ⚖️

Apache License, Version 2.0

## Source Code

* <https://github.com/pulumi/pulumi-esc-csi-provider.git>

See [helm/README.md](chart/README.md) for instructions on how to deploy the Pulumi ESC Secret Store CSI Driver using Helm.
## Maintainers

| Name | Email | Url |
| ---- | ------ | --- |
| dirien | <[email protected]> | <https://pulumi.com> |
2 changes: 1 addition & 1 deletion Tiltfile
Expand Up @@ -6,7 +6,7 @@ helm_remote('secrets-store-csi-driver',


docker_build(
'ghcr.io/dirien/secrets-store-csi-driver-provider-pulumi-esc',
'ghcr.io/pulumi/secrets-store-csi-driver-provider-pulumi-esc',
context='.',
dockerfile='./Dockerfile.tilt',
live_update=[
6 changes: 3 additions & 3 deletions chart/pulumi-esc-csi-provider/README.md
Expand Up @@ -11,7 +11,7 @@ A Helm chart for the Pulumi ESC CSI provider
To install the chart using the OCI artifact, run:

```bash
helm install pulumi-esc-csi-provider oci://ghcr.io/dirien/charts/pulumi-esc-csi-provider --version 0.1.4 --namespace kube-system
helm install pulumi-esc-csi-provider oci://ghcr.io/pulumi/helm-charts/pulumi-esc-csi-provider --version 0.1.4 --namespace kube-system
```

After a few seconds, the `pulumi-esc-csi-provider` should be running.
Expand All @@ -20,7 +20,7 @@ To install the chart in a specific namespace use following commands:

```bash
kubectl create ns pulumi-esc-csi-provider
helm install pulumi-esc-csi-provider oci://ghcr.io/dirien/charts/pulumi-esc-csi-provider --namespace kube-system
helm install pulumi-esc-csi-provider oci://ghcr.io/pulumi/helm-charts/pulumi-esc-csi-provider --namespace kube-system
```

> **Tip**: List all releases using `helm list`, a release is a name used to track a specific deployment
Expand All @@ -41,7 +41,7 @@ The command removes all the Kubernetes components associated with the chart and
|-----|------|---------|-------------|
| args[0] | string | `"-endpoint=/provider/pulumi.sock"` | |
| image.pullPolicy | string | `"Always"` | |
| image.repository | string | `"ghcr.io/dirien/pulumi-esc-csi-provider"` | |
| image.repository | string | `"ghcr.io/pulumi/pulumi-esc-csi-provider"` | |
| image.tag | string | `""` | |
| labels | object | `{}` | |
| livenessProbe.failureThreshold | int | `2` | |
4 changes: 2 additions & 2 deletions chart/pulumi-esc-csi-provider/README.md.gotmpl
Expand Up @@ -11,7 +11,7 @@
To install the chart using the OCI artifact, run:

```bash
helm install pulumi-esc-csi-provider oci://ghcr.io/dirien/charts/pulumi-esc-csi-provider --version {{ .Version }} --namespace kube-system
helm install pulumi-esc-csi-provider oci://ghcr.io/pulumi/helm-charts/pulumi-esc-csi-provider --version {{ .Version }} --namespace kube-system
```

After a few seconds, the `pulumi-esc-csi-provider` should be running.
Expand All @@ -20,7 +20,7 @@ To install the chart in a specific namespace use following commands:

```bash
kubectl create ns pulumi-esc-csi-provider
helm install pulumi-esc-csi-provider oci://ghcr.io/dirien/charts/pulumi-esc-csi-provider --namespace kube-system
helm install pulumi-esc-csi-provider oci://ghcr.io/pulumi/helm-charts/pulumi-esc-csi-provider --namespace kube-system
```

> **Tip**: List all releases using `helm list`, a release is a name used to track a specific deployment
2 changes: 1 addition & 1 deletion chart/pulumi-esc-csi-provider/values.yaml
@@ -1,7 +1,7 @@
name: pulumi-esc-csi-provider
namespace: kube-system
image:
repository: ghcr.io/dirien/pulumi-esc-csi-provider
repository: ghcr.io/pulumi/pulumi-esc-csi-provider
tag: ''
pullPolicy: Always

2 changes: 1 addition & 1 deletion deployment/pulumi-esc-csi-provider.yaml
Expand Up @@ -69,7 +69,7 @@ spec:

containers:
- name: secrets-store-csi-driver-provider-pulumi-esc
image: "ghcr.io/dirien/pulumi-esc-csi-provider:0.1.0"
image: "ghcr.io/pulumi/pulumi-esc-csi-provider:0.1.0"
imagePullPolicy: Always
resources:
{}
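Review bot: The manifest now pulls `ghcr.io/pulumi/pulumi-esc-csi-provider:0.1.0` by tag with `imagePullPolicy: Always`, so each pod start resolves whatever that tag points to in the new namespace at that moment, and nothing on this page shows that `0.1.0` was ever published under `ghcr.io/pulumi`. For a component that mounts secret material, pinning the digest ties the deployed image to the one the release pipeline signed: `image: "ghcr.io/pulumi/pulumi-esc-csi-provider:0.1.0@sha256:<digest-of-released-image>"` (placeholder; take the value from the release). `resources: {}` on the following lines leaves the container without requests or limits. The container spec continues outside the hunk.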
2 changes: 1 addition & 1 deletion go.mod
@@ -1,4 +1,4 @@
module github.com/dirien/pulumi-esc-csi-provider
module github.com/pulumi/pulumi-esc-csi-provider

go 1.23.1

1 change: 0 additions & 1 deletion internal/auth/auth.go
@@ -1,4 +1,3 @@
//go:generate mockgen -destination=mock_$GOPACKAGE/mock_$GOFILE -source=$GOFILE
package auth

import (
2 changes: 1 addition & 1 deletion internal/config/config.go
Expand Up @@ -2,12 +2,12 @@ package config

import (
"fmt"
"gopkg.in/yaml.v3"
"os"
"reflect"
"strings"

"github.com/go-playground/validator/v10"
"gopkg.in/yaml.v3"
)

type Config struct {
20 changes: 12 additions & 8 deletions internal/server/server.go
Expand Up @@ -5,19 +5,19 @@ import (
"encoding/json"
"errors"
"fmt"
"github.com/dirien/pulumi-esc-csi-provider/internal/provider"
"gopkg.in/yaml.v3"
"log/slog"
"net"
"os"
"strconv"
"strings"
"time"

"github.com/dirien/pulumi-esc-csi-provider/internal/auth"
"github.com/dirien/pulumi-esc-csi-provider/internal/config"
"github.com/go-playground/validator/v10"
"github.com/pulumi/pulumi-esc-csi-provider/internal/auth"
"github.com/pulumi/pulumi-esc-csi-provider/internal/config"
"github.com/pulumi/pulumi-esc-csi-provider/internal/provider"
"google.golang.org/grpc"
"gopkg.in/yaml.v3"
"k8s.io/apimachinery/pkg/types"
pb "sigs.k8s.io/secrets-store-csi-driver/provider/v1alpha1"
)
Expand Down Expand Up @@ -118,14 +118,17 @@ func (p *PulumiESCProviderServer) Mount(ctx context.Context, req *pb.MountReques
mountResponse.Error.Code = ErrorBadRequest
return mountResponse, fmt.Errorf("failed to get credentials, error: %w", err)
}
pulumiESCClint := provider.NewPulumiESCClient(credentials.Pat, mountConfig.APIURL, mountConfig.Project, mountConfig.Environment, mountConfig.Organization)
env, err := pulumiESCClint.EscClient.OpenEnvironment(pulumiESCClint.AuthCtx, mountConfig.Organization, mountConfig.Project, mountConfig.Environment)
pulumiESCClint := provider.NewPulumiESCClient(credentials.Pat, mountConfig.APIURL, mountConfig.Project,
mountConfig.Environment, mountConfig.Organization)
env, err := pulumiESCClint.EscClient.OpenEnvironment(pulumiESCClint.AuthCtx, mountConfig.Organization,
mountConfig.Project, mountConfig.Environment)
if err != nil {
return nil, err
}
secretMap := make(map[string]*secretItem)
for _, secret := range mountConfig.Secrets {
val, _, err := pulumiESCClint.EscClient.ReadEnvironmentProperty(pulumiESCClint.AuthCtx, mountConfig.Organization, mountConfig.Project, mountConfig.Environment, env.GetId(), secret.SecretKey)
val, _, err := pulumiESCClint.EscClient.ReadEnvironmentProperty(pulumiESCClint.AuthCtx,
mountConfig.Organization, mountConfig.Project, mountConfig.Environment, env.GetId(), secret.SecretKey)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -162,7 +165,8 @@ func (p *PulumiESCProviderServer) Mount(ctx context.Context, req *pb.MountReques
for _, value := range secretMap {
files = append(files, &pb.File{Path: value.FileName, Mode: int32(mountConfig.FilePermission), Contents: value.Value})
ov = append(ov, &pb.ObjectVersion{Id: value.FileName, Version: value.Version})
slog.Info(fmt.Sprintf("secret added to mount response, directory: %v, file: %v", mountConfig.TargetPath, value.FileName))
slog.Info(fmt.Sprintf("secret added to mount response, directory: %v, file: %v",
mountConfig.TargetPath, value.FileName))
}

return &pb.MountResponse{
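Review bot: The re-wrapped `OpenEnvironment` and `ReadEnvironmentProperty` calls still `return nil, err` with no context, while the credentials failure just above sets `mountResponse.Error.Code` and wraps the error, so a failed mount does not say which environment or secret key was involved. Wrapping with the key name (never the value) fixes that, for example `return nil, fmt.Errorf("reading %q from %s/%s/%s: %w", secret.SecretKey, mountConfig.Organization, mountConfig.Project, mountConfig.Environment, err)`. In the second hunk, `slog.Info(fmt.Sprintf(...))` flattens the fields into one string; `slog.Info("secret added to mount response", "directory", mountConfig.TargetPath, "file", value.FileName)` keeps them queryable and still logs no secret contents. Whether `value.FileName` is constrained to a relative name without `..` before it becomes `pb.File.Path` is not visible here and is worth confirming in the config validation. `Mount` begins and ends outside both hunks.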
15 changes: 9 additions & 6 deletions main.go
Expand Up @@ -4,16 +4,18 @@ import (
"context"
"flag"
"fmt"
"github.com/dirien/pulumi-esc-csi-provider/internal/auth"
"github.com/dirien/pulumi-esc-csi-provider/internal/server"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"log"
"net/http"
"os"
"os/signal"
"strings"
"syscall"
"time"

"github.com/pulumi/pulumi-esc-csi-provider/internal/auth"
"github.com/pulumi/pulumi-esc-csi-provider/internal/server"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
)

const figletStr = `
Expand Down Expand Up @@ -74,8 +76,9 @@ func main() {
func startHealthCheck() chan error {
mux := http.NewServeMux()
ms := http.Server{
Addr: fmt.Sprintf(":%s", *healthPort),
Handler: mux,
Addr: fmt.Sprintf(":%s", *healthPort),
Handler: mux,
ReadHeaderTimeout: 10 * time.Second,
}

errorCh := make(chan error)
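Review bot: `ReadHeaderTimeout` bounds only the header phase of the health server; `ReadTimeout`, `WriteTimeout` and `IdleTimeout` remain zero in the new `http.Server` literal, so connections can still be held open by a slow request body or idle keep-alives. Adding `ReadTimeout: 10 * time.Second,`, `WriteTimeout: 10 * time.Second,` and `IdleTimeout: 60 * time.Second,` next to the new field closes that gap for a probe endpoint that needs neither long reads nor long writes. The address `":%s"` binds on all interfaces, which is expected for kubelet probes but worth stating in a short comment above `ms`. `startHealthCheck` continues outside the hunk.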
