Full upgrade (#19)

- SecretName is now mandatory - One can update client_secret in Hydra by creating new Secret object and changing the SecretName in CR instance
2019-09-13 14:37:29 +02:00
parent 8009fd63d3
commit 294c171ac6
11 changed files with 474 additions and 280 deletions
--- a/config/crd/bases/hydra.ory.sh_oauth2clients.yaml
+++ b/config/crd/bases/hydra.ory.sh_oauth2clients.yaml
@ -418,15 +418,20 @@ spec:
                that the client can use when requesting access tokens.
              pattern: ([a-zA-Z0-9\.\*]+\s?)+
              type: string
+            secretName:
+              description: SecretName points to the K8s secret that contains this
+                client's ID and password
+              maxLength: 253
+              minLength: 1
+              pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
+              type: string
          required:
          - grantTypes
          - scope
+          - secretName
          type: object
        status:
          properties:
-            clientID:
-              description: ClientID is the id for this client.
-              type: string
            observedGeneration:
              description: ObservedGeneration represents the most recent generation
                observed by the daemon set controller.
@ -442,10 +447,6 @@ spec:
                  description: Code is the status code of the reconciliation error
                  type: string
              type: object
-            secret:
-              description: Secret points to the K8s secret that contains this client's
-                id and password
-              type: string
          type: object
      type: object
  versions:
--- a/config/samples/hydra_v1alpha1_oauth2client.yaml
+++ b/config/samples/hydra_v1alpha1_oauth2client.yaml
@ -13,4 +13,5 @@ spec:
    - id_token
    - code
    - token
-  scope: "read write"
+  scope: "read write"
+  secretName: my-secret-123
--- a/config/samples/hydra_v1alpha1_oauth2client_user_credentials.yaml
+++ b/config/samples/hydra_v1alpha1_oauth2client_user_credentials.yaml
@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-secret-456
+  namespace: default
+type: Opaque
+data:
+  client_id: MDA5MDA5MDA=
+  client_secret: czNjUjM3cDRzc1ZWMHJEMTIzNA==
+---
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+  name: my-oauth2-client-2
+  namespace: default
+spec:
+  grantTypes:
+    - client_credentials
+    - implicit
+    - authorization_code
+    - refresh_token
+  responseTypes:
+    - id_token
+    - code
+    - token
+  scope: "read write"
+  secretName: my-secret-456