Feat: support private terraform registry

[ramekris3163]

pull request to support volume mounting of the credentials.tfrc.json and .terraformrc files to be able to connect to private terraform registry.

[codecov]

Codecov Report

Base: 79.31% // Head: 80.36% // Increases project coverage by +1.04% 🎉

Coverage data is based on head (5b3fffb) compared to base (3a96f68).
Patch coverage: 89.84% of modified lines in pull request are covered.

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #352      +/-   ##
==========================================
+ Coverage   79.31%   80.36%   +1.04%     
==========================================
  Files          23       23              
  Lines        1750     1935     +185     
==========================================
+ Hits         1388     1555     +167     
- Misses        278      290      +12     
- Partials       84       90       +6     

Flag	Coverage Δ
e2e	?
unit	80.36% <89.84%> (+1.04%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
controllers/configuration_controller.go	79.55% <89.84%> (+2.19%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[chivalryq]

Thanks for contribution. These capabilities is important. Here are some suggestions about code optimization:

1. Consider the variable name, especially about Registry.
2. Reduce the duplication. make it more maintainable and easier for other contributors to understand and build upon.

[chivalryq]

If I understand correctly, all constant, variables, and functions named "TerraformRegistryConfigMapReference" refer to .terraformrc file stored in a ConfigMap). But we shouldn't refer it as simply Registry because this file contains more configuration more than just registry than registry information. It would be more appropriate to refer to it as "TerraformRC".

[ramekris3163]

fixed as per review comments.

[chivalryq]

Here we have four similar logics fragment. It would be better to organize the content with a table like:

secretConfigMapToCheck:=struct{
  ref *SecretConfigMapReference
  notFoundState ConfigurationState
}{
  {gitRef, InvalidGitCredentialsSecretReference},
  {credsRef, InvalidTerraformCredentialsSecretReference
}

for _,check:=range secretConfigMapToCheck{
  // check the secret or configMap
}

[ramekris3163]

fixed as per review comments.

[chivalryq]

The four (three new added and createGitAuthConfigVolume) similar function can be unified. Please implement them with a generator function.

[ramekris3163]

fixed as per review comments.

[chivalryq]

Also, these GetFooSecret/GetFooConfigMap can be unified with a generator function.

[ramekris3163]

fixed as per review comment.

[ramekris3163]

removed GetFooSecret/GetFooConfigMap functions and we call GetSecretOrConfigMap to retrieve the secret/configmap

[chivalryq]

You can use git commit -s to sign-off the DCO.

[chivalryq]

Please format the comment.

[ramekris3163]

fixed

[chivalryq]

You can replace the refType with a function and use this function to check the existence. No need to match by type.

[]struct {
		ref           *v1.SecretReference
		notFoundState types.ConfigurationState
		checkFn       func(ctx context.Context, k8sClient client.Client, ref *Reference) (metav1.Object, error) 
}

There is another thing to do: define a Reference struct which has all field of SecretReference and ConfigMapReference. You can cast the type to Reference when you call check

[chivalryq]

See #352 (comment). And checkFn will be assigned with GetObjectByReferenceFn(ctx, client, ref, needKey, errMsg)

[ramekris3163]

removed the function call and changed the code to call a single method to retrieve secret or configmap.

[chivalryq]

And this become

checkedObj,err:= check.checkFn(ctx, k8sObject, (*Reference)check.ref)
// check err and objects...

[ramekris3163]

removed the function call.

[chivalryq]

This is the same. Embed a function in a table and loop it instead of execute respectively。

[ramekris3163]

fixed

[chivalryq]

Well, we're used to check the err first. Sometimes you can assume that if configMap returned isn't nil, then no error happens. But it depends. My suggestion is to check it first.

[ramekris3163]

fixed

[chivalryq]

Great, seems you have made some abstraction using GetSecretOrConfigMap. As I mentioned in the last review, we can make GetFooConfigMap/GetBarSecret function more general.

You can use a function to generate these function like

type ObjectGetter func (ctx context.Context, k8sClient client.Client, ref *Reference) (metav1.Object,error)
func GetObjectByReferenceFn(ctx context.Context, k8sClient client.Client, ref *Reference, ,needKeys []string, errMsg string) ObjectGetter {
	return func(ctx context.Context, k8sClient client.Client, ref *Reference)(metav1.Object,error){
		// get configMap or Secret
		// check err
		// return metav1.Object
	}
}

Returned metav1.Object is an option. You can also use unstructrured.Unstructured. They are type/interface that can represent both Secret and ConfigMap from k8s.io/apimechinary.

[ramekris3163]

fixed

[chivalryq]

Suggested change

	func TestAssembleTerraformJobWithTerraformRegistryConfigAndCredentialsSecretRef(t *testing.T) {
	func TestAssembleTerraformJobWithTerraformRCAndCredentials(t *testing.T) {

[ramekris3163]

fixed

[chivalryq]

Why not merge this with the last test?

[ramekris3163]

merged the two tests.

[chivalryq]

Suggested change

	Name: "terraform-credentials",
	Name: "secret-not-exist",

[ramekris3163]

fixed.

[chivalryq]

Generally LGTM. Please add some e2e test.