Extend ack-generate to generate slice with elements of type K8s Secret

[kumargauravsharma]

Issue: aws-controllers-k8s/community#828

Description of changes:
With this code change, when a field of type slice
is configured as secret type inside Generator config,
then the generated CRD yaml allows specifying multiple k8s secret values
for that field in input yaml and generated sdk code supplies these values
to the resource API input field as slice type.

Added unit tests to test the scenario.

Details on resultant generated code:
Taking ElastiCache User API has passwords filed as example:
ElastiCache User API has passwords filed of type []*string in the API input. Reference API docs

When this field is configured as secret type inside Generator config:

resources:
  User:
    fields:
      Passwords:
        is_secret: true

and service controller code is generated with changes from this PR then,
the generated CRD yaml for password field is:

              passwords:
                description: Passwords used for this user. You can create up to two
                  passwords for each user.
                items:
                  description: SecretKeyReference combines a k8s corev1.SecretReference
                    with a specific key within the referred-to Secret
                  properties:
                    key:
                      description: Key is the key within the secret
                      type: string
                    name:
                      description: Name is unique within a namespace to reference
                        a secret resource.
                      type: string
                    namespace:
                      description: Namespace defines the space within which the secret
                        name must be unique.
                      type: string
                  required:
                  - key
                  type: object
                type: array

Observe that the password field is array type with K8s Secreret as element type

and User resource sdk.go file contain following code for password field while setting the inputs:

	if r.ko.Spec.Passwords != nil {
		f3 := []*string{}
		for _, f3iter := range r.ko.Spec.Passwords {
			var f3elem string
			if f3iter != nil {
				tmpSecret, err := rm.rr.SecretValueFromReference(ctx, f3iter)
				if err != nil {
					return nil, err
				}
				if tmpSecret != "" {
					f3elem = tmpSecret
				}
			}
			f3 = append(f3, &f3elem)
		}
		res.SetPasswords(f3)
	}

Observe that it supplies the secrets values as slice type to the input API.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Testing:

1. make test passed for code-generator which contained already existing tests for secret fields code generation scenarios for MQ, ElastiCache ReplicationGroup.
2. make test passed for ElastiCache ACK controller generated code.
3. Generated ElastiCache controller code did not have any unrelated/unexpected changes.

[nmvk]

LGTM

[jaypipes]

This is awesomesauce, @kumargauravsharma :) I have one question and a small suggestion inline, but overall this looks great.

[jaypipes]

Instead of adding the additional conditionals here, how about we move this block of code:

if r.IsSecretFieildmemberName) {
...
}

down to original line 341, right below this:

		default:

which is the code block that executes for scalar field types.

We could clean up the setSDKForSecret function to remove the if XXX != nil {` guard from here:

code-generator/pkg/generate/code/set_sdk.go

Lines 816 to 820 in cac5654

	// if ko.Spec.MasterUserPassword != nil {
	out += fmt.Sprintf(
	"%sif %s != nil {\n",
	indent, sourceVarName,
	)

and here:

code-generator/pkg/generate/code/set_sdk.go

Line 842 in cac5654

out += fmt.Sprintf("%s}\n", indent)

which would simplify both the setSDKForSecret function a bit that way and clean this conditional up a bit.

[kumargauravsharma]

Thanks for the suggestion.
I have refactored the code in next revision.

[jaypipes]

please update the above code comment to say something like this:

//     if tmpSecret != "" {
//         res.SetMasterUserPassword(tmpSecret)
//     }
//
//    or:
//
//     if tmpSecret != "" {
//         f3elem = tmpSecret
//     }
//
// The second case is used when the SecretKeyReference field
// is a slice of `[]*string` in the original AWS API Input shape.

[kumargauravsharma]

Updated code comments.

[jaypipes]

do we have a unit test that can stress this code path? I don't believe the unit test about User.Passwords will hit this.

[kumargauravsharma]

This path is unit tested in TestSetSDK_MQ_Broker_Create test for Users field.

[jaypipes]

good fix here. ++

[jaypipes]

Rock on :)

[jaypipes]

/lgtm

[ack-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jaypipes, kumargauravsharma, nmvk

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jaypipes]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment