crossplane-contrib · frkouokam · Apr 25, 2024 · May 22, 2024 · MisterMX · May 13, 2024
diff --git a/apis/projects/v1alpha1/project_types.go b/apis/projects/v1alpha1/project_types.go
@@ -148,6 +148,16 @@
 	NameRegex *string `url:"name_regex,omitempty" json:"name_regex,omitempty"`
 }
 
+// Struct representing the secret name and the secret namespace to use when importing a project with secret
+type ImportUrlSecretRef struct {
+	Name      string `json:"secretName"`
+	Namespace string `json:"secretNamespace"`
+	// +kubebuilder:default:=username
+	UsernameKey string `json:"username"`
+	// +kubebuilder:default:=password
+	PasswordKey string `json:"password"`
+}
+
 // ProjectParameters define the desired state of a Gitlab Project
 type ProjectParameters struct {
 	// Set whether or not merge requests can be merged with skipped jobs.
@@ -244,10 +254,15 @@
 	// +immutable
 	GroupWithProjectTemplatesID *int `json:"groupWithProjectTemplatesId,omitempty"`
 
-	// URL to import repository from.
+	// URL to import repository from. Provided credentials in the URL will be overwritten in case a valid secretRef is present in ImportUrlSecretRef.
 	// +optional
+	// +kubebuilder:validation:MinLength=9
 	ImportURL *string `json:"importUrl,omitempty"`
 
+	// Secret to use when importing project with secret. Provided credentials in ImportUrl will be overwitten with the credentials found in ImportUrlSecretRel.
+	// +optional
+	ImportUrlSecretRef *ImportUrlSecretRef `json:"importUrlSecretRef,omitempty"`
+
 	// false by default.
 	// +optional
 	// +immutable

diff --git a/apis/projects/v1alpha1/zz_generated.deepcopy.go b/apis/projects/v1alpha1/zz_generated.deepcopy.go
diff --git a/package/crds/projects.gitlab.crossplane.io_projects.yaml b/package/crds/projects.gitlab.crossplane.io_projects.yaml
@@ -162,8 +162,32 @@ spec:
                       to be true.
                     type: integer
                   importUrl:
-                    description: URL to import repository from.
-                    type: string
+                    description: URL to import repository from. Provided credentials
+                      in the URL will be overwritten in case a valid secretRef is
+                      present in ImportUrlSecretRef.
+                    minLength: 9
+                    type: string
+                  importUrlSecretRef:
+                    description: Secret to use when importing project with secret.
+                      Provided credentials in ImportUrl will be overwitten with the
+                      credentials found in ImportUrlSecretRel.
+                    properties:
+                      password:
+                        default: password
+                        type: string
+                      secretName:
+                        type: string
+                      secretNamespace:
+                        type: string
+                      username:
+                        default: username
+                        type: string
+                    required:
+                    - password
+                    - secretName
+                    - secretNamespace
+                    - username
+                    type: object
                   initializeWithReadme:
                     description: false by default.
                     type: boolean

diff --git a/pkg/controller/projects/projects/project.go b/pkg/controller/projects/projects/project.go
@@ -21,6 +21,8 @@
 	"strconv"
 
 	"github.com/xanzy/go-gitlab"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/utils/ptr"
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
@@ -41,6 +43,10 @@
 	"github.com/crossplane-contrib/provider-gitlab/pkg/clients"
 	"github.com/crossplane-contrib/provider-gitlab/pkg/clients/projects"
 	"github.com/crossplane-contrib/provider-gitlab/pkg/features"
+
+	"net/url"
+
+	corev1 "k8s.io/api/core/v1"
 )
 
 const (
@@ -50,6 +56,10 @@
 	errUpdateFailed     = "cannot update Gitlab project"
 	errDeleteFailed     = "cannot delete Gitlab project"
 	errGetFailed        = "cannot retrieve Gitlab project with"
+	errNoImportSecret   = "cannot retrieve secret for import"
+	errUsernameNotFound = "No username in secret for import project"
+	errPasswordNotFound = "No password in secret for import project"
+	errParseUrlFailed   = "Could not parse the provided importUrl"
 )
 
 // SetupProject adds a controller that reconciles Projects.
@@ -144,12 +154,74 @@
 	}, nil
 }
 
+func buildImportUrl(ctx context.Context, cr *v1alpha1.Project, e *external) error {
+
+	keySecretRef := cr.Spec.ForProvider.ImportUrlSecretRef
+	importUrl := cr.Spec.ForProvider.ImportURL
+
+	// User has provided secret for the import
+	secretRefIsNotEmpty := keySecretRef != nil && keySecretRef.Namespace != "" && keySecretRef.Name != ""
+	keysAreNotEmpty := keySecretRef != nil && keySecretRef.PasswordKey != "" && keySecretRef.UsernameKey != ""
+	importUrlIsNotEmpty := ptr.Deref(importUrl, "") != ""
+
+	if secretRefIsNotEmpty && keysAreNotEmpty && importUrlIsNotEmpty {
+		// Retrieve secret from k8s
+		namespacedName := types.NamespacedName{
+			Namespace: keySecretRef.Namespace,
+			Name:      keySecretRef.Name,
+		}
+
+		secret := &corev1.Secret{}
+
+		err := e.kube.Get(ctx, namespacedName, secret)
+
+		if err != nil {
+			return errors.Wrap(err, errNoImportSecret)
+		}
+
+		// Obtain the password from the secret.
+		password := string(secret.Data[keySecretRef.PasswordKey])
+		if password == "" {
+			return errors.Wrap(err, errPasswordNotFound)
+		}
+
+		// Obtain the username from the secret.
+		username := string(secret.Data[keySecretRef.UsernameKey])
+		if username == "" {
+			return errors.Wrap(err, errUsernameNotFound)
+		}
+
+		// manipulate url to add the secret. If secret is already in the url, it should be overridden
+		// https://username:[email protected]
+		parsedUrl, err := url.Parse(*importUrl)
+
+		if err != nil {
+			return errors.Wrap(err, errParseUrlFailed)
+		}
+
+		userInfo := url.UserPassword(username, password)
+
+		parsedUrl.User = userInfo
+
+		// Override importUrl with the manipulated URL containing the credentials found in ImportSecretRef.
+		*importUrl = parsedUrl.String()
+	}
+
+	return nil
+}
+
 func (e *external) Create(ctx context.Context, mg resource.Managed) (managed.ExternalCreation, error) {
 	cr, ok := mg.(*v1alpha1.Project)
 	if !ok {
 		return managed.ExternalCreation{}, errors.New(errNotProject)
 	}
 
+	err := buildImportUrl(ctx, cr, e)
+
+	if err != nil {
+		return managed.ExternalCreation{}, errors.WithStack(err)
+	}
+
 	prj, _, err := e.client.CreateProject(
 		projects.GenerateCreateProjectOptions(cr.Name, &cr.Spec.ForProvider),
 		gitlab.WithContext(ctx),