How can one reference a key that contains a ., I have tried using \. to escape the dot as I would it I were writing a jsonpath statement, but no dice:
annotations:
service.binding/jks: path={.status.truststore.secret},objectType=Secret,sourceKey=truststore.jks
service.binding/p12: path={.status.truststore.secret},objectType=Secret,sourceKey=truststore.p12
service.binding/password: path={.status.truststore.secret},objectType=Secret,sourceKey=truststore_passwordannotations:
service.binding/jks: path={.status.truststore.secret},objectType=Secret,sourceKey=truststore\.jks
service.binding/p12: path={.status.truststore.secret},objectType=Secret,sourceKey=truststore\.p12
service.binding/password: path={.status.truststore.secret},objectType=Secret,sourceKey=truststore_passwordThe former I didn't expect to work, but both produce the same result: a secret containing only the password (which oddly ends up in a property named TRUSTSTORE rather than TRUSTSTORE_PASSWORD, perhaps I have misunderstood how the part after the / works, but I expected service.binding/password to result in data,TRUSTSTORE_PASSWORD rather than data.TRUSTSTORE:
data:
TRUSTSTORE: NlpBcW .. <snip>
The following works:
service.binding/truststore: path={.status.truststore.secret},objectType=SecretProducing:
data:
TRUSTSTORE_TRUSTSTORE_JKS: xxx
TRUSTSTORE_TRUSTSTORE_P12: xxx
TRUSTSTORE_TRUSTSTORE_PASSWORD: xxx
I can't seem to find any way to tell the operator "please don't apply a Type prefix", nor a way to instruct the operator to expand the secret directly onto the type'd prefix, as the following produces exactly the same result and I hoped might omit the middle TRUSTSTORE_:
service.binding: path={.status.truststore.secret},objectType=SecretMistake in the Docs
Also, FYI the example in the doc is in error: https://github.com/redhat-developer/service-binding-operator/blob/master/docs/SBO%20User%20Guide.md#use-certificate-from-the-configmap-statusdatadbconfiguration-as-an-environment-variable
The example annotation given is the same as the previous use-case, and would pull in the entire secret:
"servicebinding.dev/certificate": "path={.status.data.dbConfiguration},objectType=ConfigMap"
This should be:
"service.binding/certificate": "path={.status.data.dbConfiguration},objectType=ConfigMap,sourceKey=certificate"
Mappings
Finally, I tried to use a mapping to see if that was a way around this:
apiVersion: operators.coreos.com/v1alpha1
kind: ServiceBinding
metadata:
name: "trust-binding"
namespace: mas-inst1
spec:
services:
- group: trust-manager.ibm.com
version: v1
kind: Truststore
name: inst1-truststore
namespace: mas-inst1
id: ts1
mappings:
name: foo
value: '{{ .ts1.status.truststore.secret }}'Not sure if I'm using that right, but nothing new appeared in the secret. It's not clear to me how these play into the annotations, it appears these bypass any definition of what to share on the service end and allow the service making the binding request to have complete control over what to pluck out of the status of the CR, however I couldn't get it to work.
The spec above should -- if I understand correctly -- pull the name of the secret from the status of the CR and add it to the fields in the secret managed by the service binding operator even though it's not defined as something to share in the annotations on the CRD:
How can one reference a key that contains a
., I have tried using\.to escape the dot as I would it I were writing a jsonpath statement, but no dice:The former I didn't expect to work, but both produce the same result: a secret containing only the password (which oddly ends up in a property named
TRUSTSTORErather thanTRUSTSTORE_PASSWORD, perhaps I have misunderstood how the part after the/works, but I expectedservice.binding/passwordto result indata,TRUSTSTORE_PASSWORDrather thandata.TRUSTSTORE:The following works:
Producing:
I can't seem to find any way to tell the operator "please don't apply a Type prefix", nor a way to instruct the operator to expand the secret directly onto the type'd prefix, as the following produces exactly the same result and I hoped might omit the middle
TRUSTSTORE_:Mistake in the Docs
Also, FYI the example in the doc is in error: https://github.com/redhat-developer/service-binding-operator/blob/master/docs/SBO%20User%20Guide.md#use-certificate-from-the-configmap-statusdatadbconfiguration-as-an-environment-variable
The example annotation given is the same as the previous use-case, and would pull in the entire secret:
This should be:
Mappings
Finally, I tried to use a mapping to see if that was a way around this:
Not sure if I'm using that right, but nothing new appeared in the secret. It's not clear to me how these play into the annotations, it appears these bypass any definition of what to share on the service end and allow the service making the binding request to have complete control over what to pluck out of the status of the CR, however I couldn't get it to work.
The spec above should -- if I understand correctly -- pull the name of the secret from the status of the CR and add it to the fields in the secret managed by the service binding operator even though it's not defined as something to share in the annotations on the CRD: