feat: support inline auth for vCenter (#338)

## Issue

## Description

Modifies the auth struct to also support directly passing account
credentials

If a secretName is referenced in the auth, we will still default to
pulling creds from the secret.

Author: arturshadnik

api/v1alpha1/vspherevalidator_types.go

@@ -6,6 +6,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"github.com/validator-labs/validator-plugin-vsphere/pkg/constants"
+	"github.com/validator-labs/validator-plugin-vsphere/pkg/vsphere"
 )
 
 // VsphereValidatorSpec defines the desired state of VsphereValidator
@@ -33,7 +34,9 @@ func (s VsphereValidatorSpec) ResultCount() int {
 // VsphereAuth defines authentication configuration for an VsphereValidator.
 type VsphereAuth struct {
 	// SecretName is the name of the secret containing the vSphere credentials
-	SecretName string `json:"secretName" yaml:"secretName"`
+	SecretName string `json:"secretName,omitempty" yaml:"secretName,omitempty"`
+	// CloudAccount is the vSphere cloud account to use for authentication
+	CloudAccount *vsphere.CloudAccount `json:"cloudAccount,omitempty" yaml:"cloudAccount,omitempty"`
 }
 
 // NTPValidationRule defines the NTP validation rule

api/v1alpha1/zz_generated.deepcopy.go

@@ -43,12 +43,39 @@ spec:
                 description: VsphereAuth defines authentication configuration for
                   an VsphereValidator.
                 properties:
+                  cloudAccount:
+                    description: CloudAccount is the vSphere cloud account to use
+                      for authentication
+                    properties:
+                      insecure:
+                        description: Insecure is a flag that controls whether to validate
+                          the vSphere server's certificate.
+                        type: boolean
+                      password:
+                        description: |-
+                          password
+                          Required: true
+                        type: string
+                      username:
+                        description: |-
+                          username
+                          Required: true
+                        type: string
+                      vcenterServer:
+                        description: |-
+                          VcenterServer is the address of the vSphere endpoint
+                          Required: true
+                        type: string
+                    required:
+                    - insecure
+                    - password
+                    - username
+                    - vcenterServer
+                    type: object
                   secretName:
                     description: SecretName is the name of the secret containing the
                       vSphere credentials
                     type: string
-                required:
-                - secretName
                 type: object
               computeResourceRules:
                 items:

chart/validator-plugin-vsphere/crds/validation.spectrocloud.labs_vspherevalidators.yaml

@@ -43,12 +43,39 @@ spec:
                 description: VsphereAuth defines authentication configuration for
                   an VsphereValidator.
                 properties:
+                  cloudAccount:
+                    description: CloudAccount is the vSphere cloud account to use
+                      for authentication
+                    properties:
+                      insecure:
+                        description: Insecure is a flag that controls whether to validate
+                          the vSphere server's certificate.
+                        type: boolean
+                      password:
+                        description: |-
+                          password
+                          Required: true
+                        type: string
+                      username:
+                        description: |-
+                          username
+                          Required: true
+                        type: string
+                      vcenterServer:
+                        description: |-
+                          VcenterServer is the address of the vSphere endpoint
+                          Required: true
+                        type: string
+                    required:
+                    - insecure
+                    - password
+                    - username
+                    - vcenterServer
+                    type: object
                   secretName:
                     description: SecretName is the name of the secret containing the
                       vSphere credentials
                     type: string
-                required:
-                - secretName
                 type: object
               computeResourceRules:
                 items:

config/crd/bases/validation.spectrocloud.labs_vspherevalidators.yaml

@@ -0,0 +1,31 @@
+apiVersion: validation.spectrocloud.labs/v1alpha1
+kind: VsphereValidator
+metadata:
+  labels:
+    app.kubernetes.io/name: vspherevalidator
+    app.kubernetes.io/instance: vspherevalidator-sample
+    app.kubernetes.io/part-of: validator-plugin-vsphere
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: validator-plugin-vsphere
+  name: vspherevalidator-compute
+  namespace: validator
+spec:
+  datacenter: "Datacenter"
+  computeResourceRules:
+   - name: "rp-cluster2-palette-advanced-projects check resources"
+     clusterName: Cluster2
+     scope: resourcepool
+     entityName: "rp-cluster2-palette-advanced-projects"
+     nodepoolResourceRequirements:
+       - name: control-plane-pool
+         numberOfNodes: 3
+         cpu: "1GHz"
+         memory: 8Gi
+         diskSpace: 80Gi
+       - name: worker-pool
+         numberOfNodes: 2
+         cpu: "2GHz"
+         memory: 8Gi
+         diskSpace: 100Gi
+  auth:
+    secretName: vsphere-creds

config/samples/vsphere-validator-compute.yaml

@@ -0,0 +1,23 @@
+apiVersion: validation.spectrocloud.labs/v1alpha1
+kind: VsphereValidator
+metadata:
+  labels:
+    app.kubernetes.io/name: vspherevalidator
+    app.kubernetes.io/instance: vspherevalidator-sample
+    app.kubernetes.io/part-of: validator-plugin-vsphere
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: validator-plugin-vsphere
+  name: vspherevalidator-entity-privilege
+  namespace: validator
+spec:
+  datacenter: "Datacenter"
+  auth:
+    secretName: vsphere-creds
+  entityPrivilegeValidationRules:
+    - name: "Deploy VM to vapp test-vapp"
+      username: prakash@vsphere.local
+      entityName: "sp-prakash"
+      entityType: "folder"
+      privileges:
+      - "VirtualMachine.Config.AddExistingDisk"
+      - "VirtualMachine.Config.AddNewDisk"

config/samples/vsphere-validator-entity-privilege.yaml

@@ -0,0 +1,25 @@
+apiVersion: validation.spectrocloud.labs/v1alpha1
+kind: VsphereValidator
+metadata:
+  labels:
+    app.kubernetes.io/name: vspherevalidator
+    app.kubernetes.io/instance: vspherevalidator-sample
+    app.kubernetes.io/part-of: validator-plugin-vsphere
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: validator-plugin-vsphere
+  name: vspherevalidator-explicit-auth
+  namespace: validator
+spec:
+  datacenter: "Datacenter"
+  auth:
+    cloudAccount:
+      insecure: true
+      username: "user@vsphere.local"
+      password: "password"
+      vcenterServer: "vcenter.example.com"
+  tagValidationRules:
+    - name: "Folder tag validation"
+      clusterName: "Cluster2"
+      entityType: "folder"
+      entityName: "sp-prakash"
+      tag: "owner"

config/samples/vsphere-validator-explicit-auth.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/part-of: validator-plugin-vsphere
     app.kubernetes.io/managed-by: kustomize
     app.kubernetes.io/created-by: validator-plugin-vsphere
-  name: vspherevalidator
+  name: vspherevalidator-ntp
   namespace: validator
 spec:
   datacenter: "Datacenter"
@@ -19,4 +19,4 @@ spec:
         - 10.10.20.111
         - 10.10.20.112
   auth:
-    secretName: validator-secret
+    secretName: vsphere-creds

config/samples/ntpvalidator.yaml config/samples/vsphere-validator-ntp.yamlconfig/samples/ntpvalidator.yaml renamed to config/samples/vsphere-validator-ntp.yaml

@@ -0,0 +1,26 @@
+apiVersion: validation.spectrocloud.labs/v1alpha1
+kind: VsphereValidator
+metadata:
+  labels:
+    app.kubernetes.io/name: vspherevalidator
+    app.kubernetes.io/instance: vspherevalidator-sample
+    app.kubernetes.io/part-of: validator-plugin-vsphere
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: validator-plugin-vsphere
+  name: vspherevalidator-role-privilege
+  namespace: validator
+spec:
+  datacenter: "Datacenter"
+  auth:
+    secretName: vsphere-creds
+  rolePrivilegeValidationRules:
+    - username: tmpadmin@vsphere.local
+      privileges:
+        - Cns.Searchable
+        - Datastore.Browse
+        - InventoryService.Tagging.CreateTag
+        - InventoryService.Tagging.EditTag
+        - Network.Assign
+        - Sessions.ValidateSession
+        - StorageProfile.View
+        - StorageViews.View

config/samples/vsphere-validator-role-privilege.yaml

@@ -7,6 +7,15 @@ metadata:
     app.kubernetes.io/part-of: validator-plugin-vsphere
     app.kubernetes.io/managed-by: kustomize
     app.kubernetes.io/created-by: validator-plugin-vsphere
-  name: vspherevalidator-sample
+  name: vspherevalidator
+  namespace: validator
 spec:
-  # TODO(user): Add fields here
+  datacenter: "Datacenter"
+  auth:
+    secretName: vsphere-creds
+  tagValidationRules:
+    - name: "Folder tag validation"
+      clusterName: "Cluster2"
+      entityType: "folder"
+      entityName: "sp-prakash"
+      tag: "owner"