Skip to content

add ability to reference OIDC client secret from secret object#134

Open
olamilekan000 wants to merge 1 commit intokcp-dev:mainfrom
olamilekan000:refrence-oidc-clientsecret-using-secretref
Open

add ability to reference OIDC client secret from secret object#134
olamilekan000 wants to merge 1 commit intokcp-dev:mainfrom
olamilekan000:refrence-oidc-clientsecret-using-secretref

Conversation

@olamilekan000
Copy link
Contributor

@olamilekan000 olamilekan000 commented Jan 2, 2026

Summary

change adds referencing of OIDC client secret using secret object.

What Type of PR Is This?

/kind feature
/kind api-change

Related Issue(s)

Fixes 130

Release Notes

Added referencing of OIDC secret using k8s secret object.

@olamilekan000
add ability to refrence OIDC client secret from secret object
91f0162 
Signed-off-by: olalekan odukoya <odukoyaonline@gmail.com>
@kcp-ci-bot kcp-ci-bot added kind/feature Categorizes issue or PR as related to a new feature. release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API dco-signoff: yes Indicates the PR's author has signed the DCO. labels Jan 2, 2026
@kcp-ci-bot
Copy link
Contributor

kcp-ci-bot commented Jan 2, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign mjudeikis for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kcp-ci-bot kcp-ci-bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jan 2, 2026
mjudeikis
mjudeikis reviewed Jan 5, 2026
View reviewed changes
Copy link
Contributor

@mjudeikis mjudeikis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is just api? no implementation yet?

sdk/apis/operator/v1alpha1/common.go
Name string `json:"name"`
// Namespace is the namespace of the secret. If not specified, the secret is assumed to be in the same namespace as the resource.
// +optional
Namespace string `json:"namespace,omitempty"`
Copy link
Contributor

@mjudeikis mjudeikis Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there point having namespace here? Can we refer and use secrets cross-namespaces?

Copy link
Contributor

@xrstf xrstf Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unless there's a strong reason to read cross-namespace resources, I would also vote against opening this can of worms.

Copy link
Member

@ntnn ntnn Mar 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@olamilekan000 Can you drop the namespace please?

Copy link
Member

@ntnn ntnn Mar 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Although, now that I think about it - it'd just but a blocker in if someone does need to read cross-namespace resources.

Copy link
Member

@ntnn ntnn Mar 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Then again, I think it'd be best to reuse the LocalDataKeyRef:

kcp-operator/sdk/apis/operator/v1alpha1/common.go

Lines 73 to 81 in 7b7489f

// LocalDataKeyReference is a reference to a namespace-local object storing
// key-value data, i.e. ConfigMap or Secret.
type LocalDataKeyReference struct {
// Name of the object.
Name string `json:"name"`
// Key in the data.
Key string `json:"key"`
}

Copy link
Contributor Author

@olamilekan000 olamilekan000 Mar 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay, will look into this

@ntnn ntnn added this to tbd Mar 17, 2026
@github-project-automation github-project-automation bot moved this to Backlog in tbd Mar 17, 2026
@ntnn ntnn moved this from Backlog to Reviewing in tbd Mar 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xrstf xrstf xrstf left review comments

@mjudeikis mjudeikis mjudeikis left review comments

@ntnn ntnn ntnn left review comments

@embik embik Awaiting requested review from embik

Assignees

No one assigned

Labels

dco-signoff: yes Indicates the PR's author has signed the DCO. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/feature Categorizes issue or PR as related to a new feature. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feature: Implement secretRef for oidc client secret in Custom Resources instead of string value

5 participants

@olamilekan000 @kcp-ci-bot @xrstf @mjudeikis @ntnn