Full upgrade (#19)

- SecretName is now mandatory
- One can update client_secret in Hydra by creating new Secret object and changing the SecretName in CR instance

api/v1alpha1/oauth2client_types.go

@@ -25,6 +25,8 @@ type StatusCode string
 const (
 	StatusRegistrationFailed StatusCode = "CLIENT_REGISTRATION_FAILED"
 	StatusCreateSecretFailed StatusCode = "SECRET_CREATION_FAILED"
+	StatusUpdateFailed       StatusCode = "CLIENT_UPDATE_FAILED"
+	StatusInvalidSecret      StatusCode = "INVALID_SECRET"
 )
 
 // OAuth2ClientSpec defines the desired state of OAuth2Client
@@ -48,6 +50,13 @@ type OAuth2ClientSpec struct {
 	// described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client
 	// can use when requesting access tokens.
 	Scope string `json:"scope"`
+
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=253
+	// +kubebuilder:validation:Pattern=[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*
+	//
+	// SecretName points to the K8s secret that contains this client's ID and password
+	SecretName string `json:"secretName"`
 }
 
 // +kubebuilder:validation:Enum=client_credentials;authorization_code;implicit;refresh_token
@@ -60,10 +69,6 @@ type ResponseType string
 
 // OAuth2ClientStatus defines the observed state of OAuth2Client
 type OAuth2ClientStatus struct {
-	// Secret points to the K8s secret that contains this client's id and password
-	Secret *string `json:"secret,omitempty"`
-	// ClientID is the id for this client.
-	ClientID *string `json:"clientID,omitempty"`
 	// ObservedGeneration represents the most recent generation observed by the daemon set controller.
 	ObservedGeneration  int64               `json:"observedGeneration,omitempty"`
 	ReconciliationError ReconciliationError `json:"reconciliationError,omitempty"`
@@ -106,7 +111,6 @@ func init() {
 func (c *OAuth2Client) ToOAuth2ClientJSON() *hydra.OAuth2ClientJSON {
 	return &hydra.OAuth2ClientJSON{
 		Name:          c.Name,
-		ClientID:      c.Status.ClientID,
 		GrantTypes:    grantToStringSlice(c.Spec.GrantTypes),
 		ResponseTypes: responseToStringSlice(c.Spec.ResponseTypes),
 		Scope:         c.Spec.Scope,

api/v1alpha1/oauth2client_types_test.go

@@ -77,6 +77,7 @@ func TestCreateAPI(t *testing.T) {
 				"invalid grant type":    func() { created.Spec.GrantTypes = []GrantType{"invalid"} },
 				"invalid response type": func() { created.Spec.ResponseTypes = []ResponseType{"invalid"} },
 				"invalid scope":         func() { created.Spec.Scope = "" },
+				"missing secret name":   func() { created.Spec.SecretName = "" },
 			} {
 				t.Run(fmt.Sprintf("case=%s", desc), func(t *testing.T) {
 
@@ -124,6 +125,7 @@ func resetTestClient() {
 			GrantTypes:    []GrantType{"implicit", "client_credentials", "authorization_code", "refresh_token"},
 			ResponseTypes: []ResponseType{"id_token", "code", "token"},
 			Scope:         "read,write",
+			SecretName:    "secret-name",
 		},
 	}
 }

api/v1alpha1/zz_generated.deepcopy.go

@@ -29,7 +29,7 @@ func (in *OAuth2Client) DeepCopyInto(out *OAuth2Client) {
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
 	in.Spec.DeepCopyInto(&out.Spec)
-	in.Status.DeepCopyInto(&out.Status)
+	out.Status = in.Status
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2Client.
@@ -110,16 +110,6 @@ func (in *OAuth2ClientSpec) DeepCopy() *OAuth2ClientSpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *OAuth2ClientStatus) DeepCopyInto(out *OAuth2ClientStatus) {
 	*out = *in
-	if in.Secret != nil {
-		in, out := &in.Secret, &out.Secret
-		*out = new(string)
-		**out = **in
-	}
-	if in.ClientID != nil {
-		in, out := &in.ClientID, &out.ClientID
-		*out = new(string)
-		**out = **in
-	}
 	out.ReconciliationError = in.ReconciliationError
 }