Add Virtual Secret Pgbouncer Pgpool Redis Valkey (#199)

Signed-off-by: HiranmoyChowdhury <[email protected]>

Author: HiranmoyChowdhury

Makefile

@@ -45,7 +45,7 @@ endif
 ### These variables should not need tweaking.
 ###
 
-SRC_PKGS := elasticsearch elasticsearchdashboard mariadb mongodb mysql oracle perconaxtradb pgbouncer postgres proxysql redis redissentinel
+SRC_PKGS := elasticsearch elasticsearchdashboard mariadb mongodb mysql oracle perconaxtradb pgbouncer postgres proxysql redis redissentinel pgpool
 SRC_DIRS := $(SRC_PKGS)
 
 DOCKER_PLATFORMS := linux/amd64 linux/arm linux/arm64

go.mod

@@ -34,13 +34,13 @@ require (
 	go.mongodb.org/mongo-driver v1.14.0
 	go.virtual-secrets.dev/apimachinery v0.0.1
 	gomodules.xyz/pointer v0.1.0
-	k8s.io/api v0.32.3
-	k8s.io/apimachinery v0.32.3
-	k8s.io/client-go v0.32.3
+	k8s.io/api v0.32.8
+	k8s.io/apimachinery v0.32.8
+	k8s.io/client-go v0.32.8
 	k8s.io/klog/v2 v2.130.1
-	kmodules.xyz/client-go v0.32.7
+	kmodules.xyz/client-go v0.32.9
 	kmodules.xyz/custom-resources v0.32.2
-	kubedb.dev/apimachinery v0.59.0
+	kubedb.dev/apimachinery v0.59.1-0.20251205110528-3d10db600e5d
 	sigs.k8s.io/controller-runtime v0.20.4
 	xorm.io/xorm v1.3.9
 )
@@ -69,6 +69,7 @@ require (
 	github.com/go-faster/city v1.0.1 // indirect
 	github.com/go-faster/errors v0.7.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
@@ -144,6 +145,8 @@ require (
 	go.opentelemetry.io/otel v1.35.0 // indirect
 	go.opentelemetry.io/otel/metric v1.35.0 // indirect
 	go.opentelemetry.io/otel/trace v1.35.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/crypto v0.38.0 // indirect
 	golang.org/x/net v0.40.0 // indirect
 	golang.org/x/oauth2 v0.28.0 // indirect
@@ -152,26 +155,30 @@ require (
 	golang.org/x/term v0.32.0 // indirect
 	golang.org/x/text v0.25.0 // indirect
 	golang.org/x/time v0.10.0 // indirect
+	gomodules.xyz/clock v0.0.0-20200817085942-06523dba733f // indirect
 	gomodules.xyz/encoding v0.0.8 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
 	gomodules.xyz/mergo v0.3.13 // indirect
 	gomodules.xyz/sets v0.2.1 // indirect
+	gomodules.xyz/sync v0.1.0 // indirect
+	gomodules.xyz/wait v0.2.0 // indirect
 	gomodules.xyz/x v0.0.17 // indirect
 	google.golang.org/protobuf v1.36.3 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.32.3 // indirect
+	k8s.io/apiextensions-apiserver v0.32.8 // indirect
+	k8s.io/apiserver v0.32.8 // indirect
 	k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
 	k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
 	kmodules.xyz/apiversion v0.2.0 // indirect
-	kmodules.xyz/monitoring-agent-api v0.32.1 // indirect
+	kmodules.xyz/monitoring-agent-api v0.32.4 // indirect
 	kmodules.xyz/objectstore-api v0.32.0 // indirect
 	kmodules.xyz/offshoot-api v0.32.0 // indirect
 	kmodules.xyz/prober v0.32.0 // indirect
 	kmodules.xyz/resource-metadata v0.32.1 // indirect
 	kubeops.dev/operator-shard-manager v0.0.3 // indirect
-	kubeops.dev/petset v0.0.12 // indirect
+	kubeops.dev/petset v0.0.14 // indirect
 	kubeops.dev/sidekick v0.0.11 // indirect
 	kubestash.dev/apimachinery v0.21.0 // indirect
 	modernc.org/memory v1.5.0 // indirect
@@ -182,6 +189,7 @@ require (
 	sigs.k8s.io/randfill v1.0.0 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
+	stash.appscode.dev/apimachinery v0.41.0 // indirect
 	xorm.io/builder v0.3.11-0.20220531020008-1bd24a7dc978 // indirect
 )
 

go.sum

@@ -233,6 +233,8 @@ github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zt
 github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
 github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/kmodules/apiserver v0.32.3-0.20250221062720-35dc674c7dd6 h1:U6BBc6uBT3jTlmTBTyXaIfNnp1WzUaX6Xz7ReV8qcaw=
+github.com/kmodules/apiserver v0.32.3-0.20250221062720-35dc674c7dd6/go.mod h1:PEwREHiHNU2oFdte7BjzA1ZyjWjuckORLIK/wLV5goM=
 github.com/kmodules/controller-runtime v0.20.3-0.20250221050548-8eabe54e7dda h1:sCYJ4MiAYXHjUT6mJSRPaCPbHosjHjyrdNita/ZFQLk=
 github.com/kmodules/controller-runtime v0.20.3-0.20250221050548-8eabe54e7dda/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -509,6 +511,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gomodules.xyz/clock v0.0.0-20200817085942-06523dba733f h1:hTyhR4r+tj1Uq7/PpFxLTzbeA0LhMVp7bEYfhkzFjdY=
+gomodules.xyz/clock v0.0.0-20200817085942-06523dba733f/go.mod h1:K3m7N+nBOlf91/tpv8REUGwsAgaKFwElQCuiLhm12AQ=
 gomodules.xyz/encoding v0.0.8 h1:r2Koq0BJ4HQCCjPTHuti0ItJDXqWJoLRHcm14Ayyp10=
 gomodules.xyz/encoding v0.0.8/go.mod h1:tn9zeeM1vHMxwVIwJQo7gGfJSCOklnU11tZ+3gSbj08=
 gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0=
@@ -519,6 +523,10 @@ gomodules.xyz/pointer v0.1.0 h1:sG2UKrYVSo6E3r4itAjXfPfe4fuXMi0KdyTHpR3vGCg=
 gomodules.xyz/pointer v0.1.0/go.mod h1:sPLsC0+yLTRecUiC5yVlyvXhZ6LAGojNCRWNNqoplvo=
 gomodules.xyz/sets v0.2.1 h1:vK3oUWoGVrZKLDKO/bzEo/ucHFdCE7+DxWPeWxK72KQ=
 gomodules.xyz/sets v0.2.1/go.mod h1:jKgNp01/iDs+svOWXaPk5cKP3VXy0mWUoTF/ore+aMc=
+gomodules.xyz/sync v0.1.0 h1:Y7vHOtMrqN9FojRwkCQdC17dKL1fVx+6xb7WdfnXX58=
+gomodules.xyz/sync v0.1.0/go.mod h1:kv570yCdknyiZ8Y94uaRFGBC5E47TV/5A7PD9jlnJoQ=
+gomodules.xyz/wait v0.2.0 h1:HnRIh+cvIrrKIFaXoYznCVVirv2/2xu3KzjSzsQmYAY=
+gomodules.xyz/wait v0.2.0/go.mod h1:g/epKzZQuCqgvhzhaoG4cSBNGHqnOrhFR4Q7szDJ1JM=
 gomodules.xyz/x v0.0.17 h1:Ik3wf0suCMiYPY0miFUh+q8BpjsUHc/7zvANbFViBQA=
 gomodules.xyz/x v0.0.17/go.mod h1:7R5182LvgWj1ZGlnpbhfSLsxM3lFN7LBettztpX+A2I=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
@@ -546,14 +554,14 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls=
-k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k=
-k8s.io/apiextensions-apiserver v0.32.3 h1:4D8vy+9GWerlErCwVIbcQjsWunF9SUGNu7O7hiQTyPY=
-k8s.io/apiextensions-apiserver v0.32.3/go.mod h1:8YwcvVRMVzw0r1Stc7XfGAzB/SIVLunqApySV5V7Dss=
-k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
-k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
-k8s.io/client-go v0.32.3 h1:RKPVltzopkSgHS7aS98QdscAgtgah/+zmpAogooIqVU=
-k8s.io/client-go v0.32.3/go.mod h1:3v0+3k4IcT9bXTc4V2rt+d2ZPPG700Xy6Oi0Gdl2PaY=
+k8s.io/api v0.32.8 h1:PhuKPnqsaXYuwmLXRLAmdDJ9EZ2R2kEbOZTq4UE3lGc=
+k8s.io/api v0.32.8/go.mod h1:gdRZQ4zXGawr9YrJ5OjTl7aR3TD0mTowtFsqFtpCDXo=
+k8s.io/apiextensions-apiserver v0.32.8 h1:iYIIaZmn/BMTwzGYRZnYZysaKB4t2TL3O+0yhmbXE2U=
+k8s.io/apiextensions-apiserver v0.32.8/go.mod h1:GTGskWgcBo/7boX33zcS8JY6vaG4s728AdbQPxtheVk=
+k8s.io/apimachinery v0.32.8 h1:95I+2jX71Tev+C+UlhNbmKfv+A/TQII42HLskiHZpBg=
+k8s.io/apimachinery v0.32.8/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/client-go v0.32.8 h1:BkSFWUtRz/BbE3DJF98KPg7ix6lwMnIQ9DnHw3iWiSw=
+k8s.io/client-go v0.32.8/go.mod h1:vGkCzRxZ7BuRX2zdW7+kOwCdcgOkq9omDWb26wk/sE0=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4=
@@ -562,12 +570,12 @@ k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJ
 k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 kmodules.xyz/apiversion v0.2.0 h1:vAQYqZFm4xu4pbB1cAdHbFEPES6EQkcR4wc06xdTOWk=
 kmodules.xyz/apiversion v0.2.0/go.mod h1:oPX8g8LvlPdPX3Yc5YvCzJHQnw3YF/X4/jdW0b1am80=
-kmodules.xyz/client-go v0.32.7 h1:vBAbp8vs4coYRhY4wqm1Hw/eBEDiVU238AyMLSoRJ1c=
-kmodules.xyz/client-go v0.32.7/go.mod h1:ZwLnc7UqEXUNSe43n/SnER6+7YAQCu38L2te6YefoHU=
+kmodules.xyz/client-go v0.32.9 h1:iZVhmTuMybHR7THGqnkbQdAJEOJCtZ9Ry9cY8TBvTJI=
+kmodules.xyz/client-go v0.32.9/go.mod h1:ZwLnc7UqEXUNSe43n/SnER6+7YAQCu38L2te6YefoHU=
 kmodules.xyz/custom-resources v0.32.2 h1:NkRqL/4AWHiXdT5WKFcJlBcvRuoNdeYIrBGvQIRJRn4=
 kmodules.xyz/custom-resources v0.32.2/go.mod h1:YKFNcsFQU7Z3AcPvYVCdFtgAdWiG1Wd1HQMOxCrAoWc=
-kmodules.xyz/monitoring-agent-api v0.32.1 h1:F0cm5NJWfgiANw3eiKkXXSXoClMBpAolMXE/N7Xts74=
-kmodules.xyz/monitoring-agent-api v0.32.1/go.mod h1:zgRKiJcuK7FOHy0Y1TsONRbJfgnPCs8t4Zh/6Afr+yU=
+kmodules.xyz/monitoring-agent-api v0.32.4 h1:JGm2bvHfAXHAf7EKjFrNDG3f7+QFpYV2Mvgj3RDVRhw=
+kmodules.xyz/monitoring-agent-api v0.32.4/go.mod h1:NkCiNP05EWrsjTTU2Npova/Sm27+I8vwUXqXVCmBbQ4=
 kmodules.xyz/objectstore-api v0.32.0 h1:A45lWKNb+02fJV1Mo4IDIpC1hWvLh/wuHKErovxKmQw=
 kmodules.xyz/objectstore-api v0.32.0/go.mod h1:N2SXdUU+YjXwG64UATYg+OoFYQ+p2MhX8B5TTKBeTf8=
 kmodules.xyz/offshoot-api v0.32.0 h1:gogc5scSZe2JoXtZof72UGRl3Tit0kFaFRMkLLT1D8o=
@@ -576,12 +584,12 @@ kmodules.xyz/prober v0.32.0 h1:8Z6pFRAu8kP0wwX2BooPCRy2SE6ZkUMHQmZDH5VUEGY=
 kmodules.xyz/prober v0.32.0/go.mod h1:h0fH4m9DaIwuNZq85zOlWUvBycyy4LvCPMUUhpS3iSE=
 kmodules.xyz/resource-metadata v0.32.1 h1:hWQbL0Xb+GaF7qn+rY0CNh7FUfKZw29VBUKTxjHFGYI=
 kmodules.xyz/resource-metadata v0.32.1/go.mod h1:wHC24BVzKb1gzkDCSI5l9CXK4AKD5gMamxEqVys50lI=
-kubedb.dev/apimachinery v0.59.0 h1:6daQ4dS6xayoyaZ67N5NXxOD1wH4H7v5JKPSwjPDbAk=
-kubedb.dev/apimachinery v0.59.0/go.mod h1:cdAy0z4ED/iunIQprmaB4yCSxgBkFaT5fcOT/ogxl0Q=
+kubedb.dev/apimachinery v0.59.1-0.20251205110528-3d10db600e5d h1:RFsZrXvM52Sz7joiRV2/d+Mt1sl3zV/BhmRjCypZxdA=
+kubedb.dev/apimachinery v0.59.1-0.20251205110528-3d10db600e5d/go.mod h1:8zu7zUBEd2PQsI0JZJFmxzglf63zxbwlAJIJlY77UqM=
 kubeops.dev/operator-shard-manager v0.0.3 h1:Z2YOAfyQIjvHMwT4O56lR0l9z25s2tCVDO22u/XuYnw=
 kubeops.dev/operator-shard-manager v0.0.3/go.mod h1:2oRq5vnCaUxzE+qIiRuzB34PlqahiynE+sYqWu6AMIY=
-kubeops.dev/petset v0.0.12 h1:NSFEeuckBVm44f3cAL4HhcQWvnfOE4qgbfug7+FEyaY=
-kubeops.dev/petset v0.0.12/go.mod h1:akG9QH1JaOZQcuQKEKWvkVWI8P3im/5O554aTRvB6Y0=
+kubeops.dev/petset v0.0.14 h1:Lk3prjtm5AgR44qr2SX8elx6sF9PK1G0GYlv8AZd9OY=
+kubeops.dev/petset v0.0.14/go.mod h1:X10jcvIjjP9HIa8ezh9PjtaXvFfk2zT+JmmO/S+7uhA=
 kubeops.dev/sidekick v0.0.11 h1:OydXdIH6cYSiWxKIWvrywk95WhhHSERkc7RNPOmTekc=
 kubeops.dev/sidekick v0.0.11/go.mod h1:90KMNmJOPoMKHbrdC1cpEsMx+1KjTea/lHDAbGRDzHc=
 kubestash.dev/apimachinery v0.21.0 h1:2qHROfY6RdxNjoEPm2yzQOuaqKlIeEMEn7bP+a/xezQ=
@@ -619,6 +627,8 @@ sigs.k8s.io/structured-merge-diff/v4 v4.6.0 h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW
 sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
+stash.appscode.dev/apimachinery v0.41.0 h1:1K4j0ADKjlQ/tGnCpctEmDx1CfJzu1HKgQC0EK5U4ZA=
+stash.appscode.dev/apimachinery v0.41.0/go.mod h1:y1VgM/7CT990qqHAtE0JGg1N0sFWzmrq/9HzUU5V8dc=
 xorm.io/builder v0.3.11-0.20220531020008-1bd24a7dc978 h1:bvLlAPW1ZMTWA32LuZMBEGHAUOcATZjzHcotf3SWweM=
 xorm.io/builder v0.3.11-0.20220531020008-1bd24a7dc978/go.mod h1:aUW0S9eb9VCaPohFCH3j7czOx1PMW3i1HrSzbLYGBSE=
 xorm.io/xorm v1.3.9 h1:TUovzS0ko+IQ1XnNLfs5dqK1cJl1H5uHpWbWqAQ04nU=

pgbouncer/kubedb_client_builder.go

@@ -22,8 +22,10 @@ import (
 
 	"kubedb.dev/apimachinery/apis/kubedb"
 	dbapi "kubedb.dev/apimachinery/apis/kubedb/v1"
+	"kubedb.dev/apimachinery/pkg/lib"
 
 	_ "github.com/lib/pq"
+	vsecretapi "go.virtual-secrets.dev/apimachinery/apis/virtual/v1alpha1"
 	core "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/klog/v2"
@@ -152,23 +154,32 @@ func (o *KubeDBClientBuilder) GetBackendAuth() (string, string, error) {
 		return "", "", fmt.Errorf("backend postgres auth secret unspecified for pgBouncer %s/%s", o.pgbouncer.Namespace, o.pgbouncer.Name)
 	}
 
-	var secret core.Secret
-	err = o.kc.Get(o.ctx, client.ObjectKey{Namespace: appBinding.Namespace, Name: appBinding.Spec.Secret.Name}, &secret)
-	if err != nil {
-		return "", "", err
-	}
+	if appBinding.Spec.Secret.APIGroup != vsecretapi.GroupName {
+		var secret core.Secret
+		err = o.kc.Get(o.ctx, client.ObjectKey{Namespace: appBinding.Namespace, Name: appBinding.Spec.Secret.Name}, &secret)
+		if err != nil {
+			return "", "", err
+		}
 
-	user, present := secret.Data[core.BasicAuthUsernameKey]
-	if !present {
-		return "", "", fmt.Errorf("error getting backend username")
-	}
+		if err = lib.ValidateAuthSecret(&secret); err != nil {
+			return "", "", err
+		}
+		return string(secret.Data[core.BasicAuthUsernameKey]), string(secret.Data[core.BasicAuthPasswordKey]), nil
+	} else {
+		vSecret := &vsecretapi.Secret{}
+		err = o.kc.Get(context.TODO(), types.NamespacedName{
+			Name:      appBinding.Spec.Secret.Name,
+			Namespace: appBinding.Namespace,
+		}, vSecret)
+		if err != nil {
+			return "", "", err
+		}
 
-	pass, present := secret.Data[core.BasicAuthPasswordKey]
-	if !present {
-		return "", "", fmt.Errorf("error getting backend password")
+		if err = lib.ValidateVirtualAuthSecret(vSecret); err != nil {
+			return "", "", err
+		}
+		return string(vSecret.Data[core.BasicAuthUsernameKey]), string(vSecret.Data[core.BasicAuthPasswordKey]), nil
 	}
-
-	return string(user), string(pass), nil
 }
 
 func (o *KubeDBClientBuilder) getTLSConfig(ctx context.Context) (*certholder.Paths, error) {

pgpool/kubedb_client_builder.go

@@ -18,12 +18,13 @@ package pgpool
 
 import (
 	"context"
-
 	"fmt"
 
 	olddbapi "kubedb.dev/apimachinery/apis/kubedb/v1alpha2"
+	"kubedb.dev/apimachinery/pkg/lib"
 
 	_ "github.com/lib/pq"
+	vsecretapi "go.virtual-secrets.dev/apimachinery/apis/virtual/v1alpha1"
 	core "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/klog/v2"
@@ -124,20 +125,27 @@ func (o *KubeDBClientBuilder) getBackendAuth() (string, string, error) {
 		return "", "", fmt.Errorf("backend postgres auth secret unspecified for pgpool %s/%s", pp.Namespace, pp.Name)
 	}
 
-	var secret core.Secret
-	err = o.kc.Get(o.ctx, client.ObjectKey{Namespace: pp.Spec.PostgresRef.Namespace, Name: apb.Spec.Secret.Name}, &secret)
-	if err != nil {
-		return "", "", err
-	}
-	user, ok := secret.Data[core.BasicAuthUsernameKey]
-	if !ok {
-		return "", "", fmt.Errorf("error getting backend username")
-	}
-	pass, ok := secret.Data[core.BasicAuthPasswordKey]
-	if !ok {
-		return "", "", fmt.Errorf("error getting backend password")
+	if apb.Spec.Secret.APIGroup == vsecretapi.GroupName {
+		var secret vsecretapi.Secret
+		err = o.kc.Get(o.ctx, client.ObjectKey{Namespace: pp.Spec.PostgresRef.Namespace, Name: apb.Spec.Secret.Name}, &secret)
+		if err != nil {
+			return "", "", err
+		}
+		if err = lib.ValidateVirtualAuthSecret(&secret); err != nil {
+			return "", "", err
+		}
+		return string(secret.Data[core.BasicAuthUsernameKey]), string(secret.Data[core.BasicAuthPasswordKey]), nil
+	} else {
+		var secret core.Secret
+		err = o.kc.Get(o.ctx, client.ObjectKey{Namespace: pp.Spec.PostgresRef.Namespace, Name: apb.Spec.Secret.Name}, &secret)
+		if err != nil {
+			return "", "", err
+		}
+		if err = lib.ValidateAuthSecret(&secret); err != nil {
+			return "", "", err
+		}
+		return string(secret.Data[core.BasicAuthUsernameKey]), string(secret.Data[core.BasicAuthPasswordKey]), nil
 	}
-	return string(user), string(pass), nil
 }
 
 func (o *KubeDBClientBuilder) getConnectionString() (string, error) {

redis/kubedb_client_builder.go

@@ -26,8 +26,10 @@ import (
 
 	"kubedb.dev/apimachinery/apis/kubedb"
 	dbapi "kubedb.dev/apimachinery/apis/kubedb/v1"
+	"kubedb.dev/apimachinery/pkg/lib"
 
 	rd "github.com/redis/go-redis/v9"
+	vsecretapi "go.virtual-secrets.dev/apimachinery/apis/virtual/v1alpha1"
 	core "k8s.io/api/core/v1"
 	"k8s.io/klog/v2"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -156,13 +158,26 @@ func (o *KubeDBClientBuilder) getClientPassword(ctx context.Context) (string, er
 	if o.db.Spec.AuthSecret == nil || o.db.Spec.AuthSecret.Name == "" {
 		return "", errors.New("no database secret")
 	}
-	var authSecret core.Secret
-	err := o.kc.Get(ctx, client.ObjectKey{Namespace: o.db.Namespace, Name: o.db.Spec.AuthSecret.Name}, &authSecret)
+	var clientPass string
+	if !dbapi.IsVirtualAuthSecretReferred(o.db.Spec.AuthSecret) {
+		var authSecret core.Secret
+		err := o.kc.Get(ctx, client.ObjectKey{Namespace: o.db.Namespace, Name: o.db.Spec.AuthSecret.Name}, &authSecret)
+		if err != nil {
+			return "", err
+		}
+		clientPass = string(authSecret.Data[core.BasicAuthPasswordKey])
+		return clientPass, nil
+	}
+	vSecret := &vsecretapi.Secret{}
+	err := o.kc.Get(context.TODO(), client.ObjectKey{Namespace: o.db.Namespace, Name: o.db.Spec.AuthSecret.Name}, vSecret)
 	if err != nil {
 		return "", err
 	}
-	clientPass := string(authSecret.Data[core.BasicAuthPasswordKey])
-	return clientPass, nil
+
+	if err = lib.ValidateVirtualAuthSecret(vSecret); err != nil {
+		return "", err
+	}
+	return string(vSecret.Data[core.BasicAuthPasswordKey]), nil
 }
 
 func (o *KubeDBClientBuilder) getTLSConfig(ctx context.Context) (*tls.Config, error) {