Extend ack-generate to generate slice with elements of type K8s Secret

pkg/generate/code/set_sdk.go

@@ -236,17 +236,6 @@ func SetSDK(
 		sourceAdaptedVarName += "." + f.Names.Camel
 		sourceFieldPath := f.Names.Camel
 
-		if r.IsSecretField(memberName) {
-			out += setSDKForSecret(
-				cfg, r,
-				memberName,
-				targetVarName,
-				sourceAdaptedVarName,
-				indentLevel,
-			)
-			continue
-		}
-
 		memberShapeRef, _ := inputShape.MemberRefs[memberName]
 		memberShape := memberShapeRef.Shape
 
@@ -339,16 +328,26 @@ func SetSDK(
 				)
 			}
 		default:
-			out += setSDKForScalar(
-				cfg, r,
-				memberName,
-				targetVarName,
-				inputShape.Type,
-				sourceFieldPath,
-				sourceAdaptedVarName,
-				memberShapeRef,
-				indentLevel+1,
-			)
+			if r.IsSecretField(memberName) {
+				out += setSDKForSecret(
+					cfg, r,
+					memberName,
+					targetVarName,
+					sourceAdaptedVarName,
+					indentLevel,
+				)
+			} else {
+				out += setSDKForScalar(
+					cfg, r,
+					memberName,
+					targetVarName,
+					inputShape.Type,
+					sourceFieldPath,
+					sourceAdaptedVarName,
+					memberShapeRef,
+					indentLevel+1,
+				)
+			}
 		}
 		out += fmt.Sprintf(
 			"%s}\n", indent,
@@ -770,6 +769,25 @@ func setSDKForContainer(
 			indentLevel,
 		)
 	default:
+		if r.IsSecretField(sourceFieldPath) {
+			indent := strings.Repeat("\t", indentLevel)
+			// if ko.Spec.MasterUserPassword != nil {
+			out := fmt.Sprintf(
+				"%sif %s != nil {\n",
+				indent, sourceVarName,
+			)
+			out += setSDKForSecret(
+				cfg, r,
+				"",
+				targetVarName,
+				sourceVarName,
+				indentLevel,
+			)
+			// }
+			out += fmt.Sprintf("%s}\n", indent)
+			return out
+		}
+
 		return setSDKForScalar(
 			cfg, r,
 			targetFieldName,
@@ -789,15 +807,27 @@ func setSDKForContainer(
 //
 // The Go code output from this function looks like this:
 //
-// if ko.Spec.MasterUserPassword != nil {
 //     tmpSecret, err := rm.rr.SecretValueFromReference(ctx, ko.Spec.MasterUserPassword)
 //     if err != nil {
 //         return nil, err
 //     }
 //     if tmpSecret != "" {
 //         res.SetMasterUserPassword(tmpSecret)
 //     }
-// }
+//
+//     or:
+//
+//     tmpSecret, err := rm.rr.SecretValueFromReference(ctx, f3iter)
+//     if err != nil {
+//         return nil, err
+//     }
+//     if tmpSecret != "" {
+//         f3elem = tmpSecret
+//     }
+//
+// The second case is used when the SecretKeyReference field
+// is a slice of `[]*string` in the original AWS API Input shape.
+
 func setSDKForSecret(
 	cfg *ackgenconfig.Config,
 	r *model.CRD,
@@ -809,15 +839,11 @@ func setSDKForSecret(
 	sourceVarName string,
 	indentLevel int,
 ) string {
+
 	out := ""
 	indent := strings.Repeat("\t", indentLevel)
 	secVar := "tmpSecret"
 
-	// if ko.Spec.MasterUserPassword != nil {
-	out += fmt.Sprintf(
-		"%sif %s != nil {\n",
-		indent, sourceVarName,
-	)
 	//     tmpSecret, err := rm.rr.SecretValueFromReference(ctx, ko.Spec.MasterUserPassword)
 	out += fmt.Sprintf(
 		"%s\t%s, err := rm.rr.SecretValueFromReference(ctx, %s)\n",
@@ -833,13 +859,18 @@ func setSDKForSecret(
 	//         res.SetMasterUserPassword(tmpSecret)
 	//     }
 	out += fmt.Sprintf("%s\tif tmpSecret != \"\" {\n", indent)
-	out += fmt.Sprintf(
-		"%s\t\t%s.Set%s(%s)\n",
-		indent, targetVarName, targetFieldName, secVar,
-	)
+	if targetFieldName == "" {
+		out += fmt.Sprintf(
+			"%s\t\t%s = %s\n",
+			indent, targetVarName, secVar,
+		)
+	} else {
+		out += fmt.Sprintf(
+			"%s\t\t%s.Set%s(%s)\n",
+			indent, targetVarName, targetFieldName, secVar,
+		)
+	}
 	out += fmt.Sprintf("%s\t}\n", indent)
-	// }
-	out += fmt.Sprintf("%s}\n", indent)
 	return out
 }
 
@@ -871,16 +902,7 @@ func setSDKForStruct(
 		cleanMemberName := cleanMemberNames.Camel
 		sourceAdaptedVarName := sourceVarName + "." + cleanMemberName
 		memberFieldPath := sourceFieldPath + "." + cleanMemberName
-		if r.IsSecretField(memberFieldPath) {
-			out += setSDKForSecret(
-				cfg, r,
-				memberName,
-				targetVarName,
-				sourceAdaptedVarName,
-				indentLevel,
-			)
-			continue
-		}
+
 		out += fmt.Sprintf(
 			"%sif %s != nil {\n", indent, sourceAdaptedVarName,
 		)
@@ -918,16 +940,26 @@ func setSDKForStruct(
 				)
 			}
 		default:
-			out += setSDKForScalar(
-				cfg, r,
-				memberName,
-				targetVarName,
-				targetShape.Type,
-				memberFieldPath,
-				sourceAdaptedVarName,
-				memberShapeRef,
-				indentLevel+1,
-			)
+			if r.IsSecretField(memberFieldPath) {
+				out += setSDKForSecret(
+					cfg, r,
+					memberName,
+					targetVarName,
+					sourceAdaptedVarName,
+					indentLevel,
+				)
+			} else {
+				out += setSDKForScalar(
+					cfg, r,
+					memberName,
+					targetVarName,
+					targetShape.Type,
+					memberFieldPath,
+					sourceAdaptedVarName,
+					memberShapeRef,
+					indentLevel+1,
+				)
+			}
 		}
 		out += fmt.Sprintf(
 			"%s}\n", indent,
@@ -974,14 +1006,16 @@ func setSDKForSlice(
 	//
 	//  f0elem.SetMyField(*f0iter)
 	containerFieldName := ""
+	sourceAttributePath := sourceFieldPath
 	if targetShape.MemberRef.Shape.Type == "structure" {
 		containerFieldName = targetFieldName
+		sourceAttributePath = sourceFieldPath+"."
 	}
 	out += setSDKForContainer(
 		cfg, r,
 		containerFieldName,
 		elemVarName,
-		sourceFieldPath+".",
+		sourceAttributePath,
 		iterVarName,
 		&targetShape.MemberRef,
 		indentLevel+1,

pkg/generate/code/set_sdk_test.go

@@ -1109,6 +1109,49 @@ func TestSetSDK_Elasticache_ReplicationGroup_Update_Override_Values(t *testing.T
 	)
 }
 
+func TestSetSDK_Elasticache_User_Create_Override_Values(t *testing.T) {
+	assert := assert.New(t)
+	require := require.New(t)
+
+	g := testutil.NewGeneratorForService(t, "elasticache")
+
+	crd := testutil.GetCRDByName(t, g, "User")
+	require.NotNil(crd)
+
+	expected := `
+	if r.ko.Spec.AccessString != nil {
+		res.SetAccessString(*r.ko.Spec.AccessString)
+	}
+	if r.ko.Spec.NoPasswordRequired != nil {
+		res.SetNoPasswordRequired(*r.ko.Spec.NoPasswordRequired)
+	}
+	if r.ko.Spec.Passwords != nil {
+		f3 := []*string{}
+		for _, f3iter := range r.ko.Spec.Passwords {
+			var f3elem string
+			if f3iter != nil {
+				tmpSecret, err := rm.rr.SecretValueFromReference(ctx, f3iter)
+				if err != nil {
+					return nil, err
+				}
+				if tmpSecret != "" {
+					f3elem = tmpSecret
+				}
+			}
+			f3 = append(f3, &f3elem)
+		}
+		res.SetPasswords(f3)
+	}
+	if r.ko.Spec.UserID != nil {
+		res.SetUserId(*r.ko.Spec.UserID)
+	}
+`
+	assert.Equal(
+		expected,
+		code.SetSDK(crd.Config(), crd, model.OpTypeUpdate, "r.ko", "res", 1),
+	)
+}
+
 func TestSetSDK_RDS_DBInstance_Create(t *testing.T) {
 	assert := assert.New(t)
 	require := require.New(t)

pkg/generate/elasticache_test.go

@@ -274,6 +274,13 @@ func TestElasticache_ValidateAuthTokenIsSecret(t *testing.T) {
 
 	assert := assert.New(t)
 	assert.Equal("*ackv1alpha1.SecretKeyReference", crd.SpecFields["AuthToken"].GoType)
-	assert.Equal("ackv1alpha1.SecretKeyReference", crd.SpecFields["AuthToken"].GoTypeElem)
+	assert.Equal("SecretKeyReference", crd.SpecFields["AuthToken"].GoTypeElem)
 	assert.Equal("*ackv1alpha1.SecretKeyReference", crd.SpecFields["AuthToken"].GoTypeWithPkgName)
+
+	crd = getCRDByName("User", crds)
+	require.NotNil(crd)
+
+	assert.Equal("[]*ackv1alpha1.SecretKeyReference", crd.SpecFields["Passwords"].GoType)
+	assert.Equal("SecretKeyReference", crd.SpecFields["Passwords"].GoTypeElem)
+	assert.Equal("[]*ackv1alpha1.SecretKeyReference", crd.SpecFields["Passwords"].GoTypeWithPkgName)
 }

pkg/generate/testdata/models/apis/elasticache/0000-00-00/generator.yaml

@@ -18,6 +18,10 @@ resources:
         from:
           operation: DescribeEvents
           path: Events
+  User:
+    fields:
+      Passwords:
+        is_secret: true
   ReplicationGroup:
     update_conditions_custom_method_name: CustomUpdateConditions
     exceptions:
@@ -126,7 +130,6 @@ ignore:
     - GlobalReplicationGroup
     - CacheCluster
     - CacheSecurityGroup
-    - User
     - UserGroup
   field_paths:
     - DescribeSnapshotsInput.CacheClusterId

pkg/model/field.go

@@ -95,12 +95,8 @@ func NewField(
 		shape = shapeRef.Shape
 	}
 
-	if cfg != nil && cfg.IsSecret {
-		gt = "*ackv1alpha1.SecretKeyReference"
-		gte = "ackv1alpha1.SecretKeyReference"
-		gtwp = "*ackv1alpha1.SecretKeyReference"
-	} else if shape != nil {
-		gte, gt, gtwp = cleanGoType(crd.sdkAPI, crd.cfg, shape)
+	if shape != nil {
+		gte, gt, gtwp = cleanGoType(crd.sdkAPI, crd.cfg, shape, cfg)
 	} else {
 		gte = "string"
 		gt = "*string"

pkg/model/types.go

@@ -29,6 +29,7 @@ func cleanGoType(
 	api *SDKAPI,
 	cfg *ackgenconfig.Config,
 	shape *awssdkmodel.Shape,
+	fieldCfg *ackgenconfig.FieldConfig,
 ) (string, string, string) {
 	// There are shapes that are called things like DBProxyStatus that are
 	// fields in a DBProxy CRD... we need to ensure the type names don't
@@ -48,20 +49,26 @@ func cleanGoType(
 	} else if shape.Type == "list" {
 		// If it's a list type, where the element is a structure, we need to
 		// set the GoType to the cleaned-up Camel-cased name
-		mgte, mgt, _ := cleanGoType(api, cfg, shape.MemberRef.Shape)
+		mgte, mgt, mgtwp := cleanGoType(api, cfg, shape.MemberRef.Shape, fieldCfg)
 		cleanNames := names.New(mgte)
 		gte = cleanNames.Camel
 		if api.HasConflictingTypeName(mgte, cfg) {
 			gte += "_SDK"
 		}
 
 		gt = "[]" + mgt
+		gtwp = "[]" + mgtwp
 	} else if shape.Type == "timestamp" {
 		// time.Time needs to be converted to apimachinery/metav1.Time
 		// otherwise there is no DeepCopy support
 		gtwp = "*metav1.Time"
 		gte = "metav1.Time"
 		gt = "*metav1.Time"
+	} else if fieldCfg != nil && fieldCfg.IsSecret {
+		gt = "*ackv1alpha1.SecretKeyReference"
+		gte = "SecretKeyReference"
+		gtwp = "*ackv1alpha1.SecretKeyReference"
+		return gte, gt, gtwp
 	}
 
 	// Replace the type part of the full type-with-package-name with the