feat(konnect): add KongCredentialSecretReconciler to reconcile consum…

…er Secrets and create Credential resources in response

.mockery.yaml

@@ -19,3 +19,4 @@ packages:
       PluginSDK:
       UpstreamsSDK:
       MeSDK:
+      CredentialBasicAuthSDK:

config/rbac/role/role.yaml

@@ -332,6 +332,26 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - konnect.konghq.com
+  resources:
+  - credentialbasicauths
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - konnect.konghq.com
+  resources:
+  - kongconsumers
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - konnect.konghq.com
   resources:

controller/konnect/constraints/constraints.go

@@ -19,6 +19,7 @@ type SupportedKonnectEntityType interface {
 		configurationv1.KongConsumer |
 		configurationv1beta1.KongConsumerGroup |
 		configurationv1alpha1.KongPluginBinding |
+		configurationv1alpha1.CredentialBasicAuth |
 		configurationv1alpha1.KongUpstream
 	// TODO: add other types
 

controller/konnect/index.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/kong/gateway-operator/controller/konnect/constraints"
 
+	configurationv1 "github.com/kong/kubernetes-configuration/api/configuration/v1"
 	configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1"
 )
 
@@ -21,9 +22,13 @@ func ReconciliationIndexOptionsForEntity[
 	T constraints.SupportedKonnectEntityType,
 ]() []ReconciliationIndexOption {
 	var e TEnt
-	switch any(e).(type) { //nolint:gocritic // TODO: add index options required for other entities
+	switch any(e).(type) {
 	case *configurationv1alpha1.KongPluginBinding:
 		return IndexOptionsForKongPluginBinding()
+	case *configurationv1.KongConsumer:
+		return IndexOptionsForKongConsumer()
+	case *configurationv1alpha1.CredentialBasicAuth:
+		return IndexOptionsForCredentialsBasicAuth()
 	}
 	return nil
 }

controller/konnect/index_credentials_basicauth.go

@@ -0,0 +1,48 @@
+package konnect
+
+import (
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1"
+)
+
+const (
+	// IndexFieldCredentialReferencesKongConsumer is the index name for CredentialBasicAuth -> Consumer.
+	IndexFieldCredentialReferencesKongConsumer = "kongCredentialsBasicAuthConsumerRef"
+	// IndexFieldCredentialReferencesKongSecret is the index name for CredentialBasicAuth -> Secret.
+	IndexFieldCredentialReferencesKongSecret = "kongCredentialsBasicAuthSecretRef"
+)
+
+// IndexOptionsForCredentialsBasicAuth returns required Index options for CredentialBasicAuth.
+func IndexOptionsForCredentialsBasicAuth() []ReconciliationIndexOption {
+	return []ReconciliationIndexOption{
+		{
+			IndexObject:  &configurationv1alpha1.CredentialBasicAuth{},
+			IndexField:   IndexFieldCredentialReferencesKongConsumer,
+			ExtractValue: kongCredentialBasicAuthReferencesConsumer,
+		},
+		{
+			IndexObject:  &configurationv1alpha1.CredentialBasicAuth{},
+			IndexField:   IndexFieldCredentialReferencesKongSecret,
+			ExtractValue: kongCredentialBasicAuthReferencesSecret,
+		},
+	}
+}
+
+// kongCredentialBasicAuthReferencesConsumer returns the name of referenced Consumer.
+func kongCredentialBasicAuthReferencesConsumer(obj client.Object) []string {
+	cred, ok := obj.(*configurationv1alpha1.CredentialBasicAuth)
+	if !ok {
+		return nil
+	}
+	return []string{cred.Spec.ConsumerRef.Name}
+}
+
+// kongCredentialBasicAuthReferencesSecret returns the name of referenced Secret.
+func kongCredentialBasicAuthReferencesSecret(obj client.Object) []string {
+	cred, ok := obj.(*configurationv1alpha1.CredentialBasicAuth)
+	if !ok {
+		return nil
+	}
+	return []string{cred.Spec.SecretRef.Name}
+}

controller/konnect/index_kongconsumer.go

@@ -0,0 +1,32 @@
+package konnect
+
+import (
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	configurationv1 "github.com/kong/kubernetes-configuration/api/configuration/v1"
+)
+
+const (
+	// IndexFieldKongConsumerReferencesSecrets is the index field for Consumer -> Secret.
+	IndexFieldKongConsumerReferencesSecrets = "kongConsumerSecretRef"
+)
+
+// IndexOptionsForKongConsumer returns required Index options for Kong Consumer.
+func IndexOptionsForKongConsumer() []ReconciliationIndexOption {
+	return []ReconciliationIndexOption{
+		{
+			IndexObject:  &configurationv1.KongConsumer{},
+			IndexField:   IndexFieldKongConsumerReferencesSecrets,
+			ExtractValue: kongConsumerReferencesSecret,
+		},
+	}
+}
+
+// kongConsumerReferencesSecret returns name of referenced Secrets.
+func kongConsumerReferencesSecret(obj client.Object) []string {
+	consumer, ok := obj.(*configurationv1.KongConsumer)
+	if !ok {
+		return nil
+	}
+	return consumer.Credentials
+}

controller/konnect/ops/credenetialbasicauth.go

@@ -0,0 +1,14 @@
+package ops
+
+import (
+	"context"
+
+	sdkkonnectops "github.com/Kong/sdk-konnect-go/models/operations"
+)
+
+// CredentialBasicAuthSDK is the interface for the Konnect CredentialBasicAuthSDK.
+type CredentialBasicAuthSDK interface {
+	CreateBasicAuthWithConsumer(ctx context.Context, req sdkkonnectops.CreateBasicAuthWithConsumerRequest, opts ...sdkkonnectops.Option) (*sdkkonnectops.CreateBasicAuthWithConsumerResponse, error)
+	DeleteBasicAuthWithConsumer(ctx context.Context, request sdkkonnectops.DeleteBasicAuthWithConsumerRequest, opts ...sdkkonnectops.Option) (*sdkkonnectops.DeleteBasicAuthWithConsumerResponse, error)
+	UpsertBasicAuthWithConsumer(ctx context.Context, request sdkkonnectops.UpsertBasicAuthWithConsumerRequest, opts ...sdkkonnectops.Option) (*sdkkonnectops.UpsertBasicAuthWithConsumerResponse, error)
+}