Disable using Secrets packages by default

Author: Patrick J. McNerthney

README.md

@@ -38,9 +38,9 @@ spec:
 
 In addtion to an inline script, the python implementation can be specified
 as the complete path to a python class. Python packages can be deployed using
-ConfigMaps or Secrets enabling the use of your IDE of choice for writting
-the code. See [ConfigMap and Secret Packages](#configmap-and-secret-packages)
-and [Filing System Packages](#filing-system-packages).
+ConfigMaps, enabling using your IDE of choice for writting the code. See
+[ConfigMap Packages](#configmap-packages) and
+[Filing System Packages](#filing-system-packages).
 
 ## Examples
 
@@ -57,7 +57,7 @@ kind: Function
 metadata:
   name: function-pythonic
 spec:
-  package: ghcr.io/fortra/function-pythonic:v0.0.3
+  package: ghcr.io/fortra/function-pythonic:v0.0.7
 ```
 
 ## Composed Resource Dependencies
@@ -301,12 +301,12 @@ spec:
         self.status.composite = 'Hello, World!'
 ```
 
-## ConfigMap and Secret Packages
+## ConfigMap Packages
 
-ConfigMap and Secret based python packages are enable using the `--packages`
-and `--packages-namespace` command line options. ConfigMaps and Secrets
-with the label `function-pythonic.package` will be incorporated in the python
-path at the location configured in the label value. For example, the following
+ConfigMap based python packages are enable using the `--packages` and
+`--packages-namespace` command line options. ConfigMaps with the label
+`function-pythonic.package` will be incorporated in the python path at
+the location configured in the label value. For example, the following
 ConfigMap will enable python to use `import example.pythonic.features`
 ```yaml
 apiVersion: v1
@@ -338,7 +338,7 @@ Then, in your Composition:
     ...
 ```
 The entire function-pythonic Composite class can be coded in the ConfigMap and
-the only the complete path is needed in the step configuration.
+only the complete Composite class path is needed in the step configuration.
 ```yaml
 apiVersion: v1
 kind: ConfigMap
@@ -374,7 +374,7 @@ kind: Function
 metadata:
   name: function-pythonic
 spec:
-  package: ghcr.io/fortra/function-pythonic:v0.0.6
+  package: ghcr.io/fortra/function-pythonic:v0.0.7
   runtimeConfigRef:
     name: function-pythonic
 ---
@@ -413,7 +413,6 @@ rules:
   - ''
   resources:
   - configmaps
-  - secrets
   verbs:
   - list
   - watch
@@ -432,10 +431,14 @@ subjects:
   namespace: crossplane-system
   name: function-pythonic
 ```
-When enabled, labeled ConfigMaps and Secrets are obtained cluster wide,
-requiring the above ClusterRole permissions. The `--packages-name` command
-line option will restrict to only using the supplied namespaces. Per namespace
-RBAC permissions are then required.
+When enabled, labeled ConfigMaps are obtained cluster wide, requiring the above
+ClusterRole permissions. The `--packages-namespace` command line option will restrict
+to only using the supplied namespace. This option can be invoked multiple times.
+The above RBAC permission can then be per namespace RBAC Role permissions.
+
+Secrets can also be used in an identical manner as ConfigMaps by enabling the
+`--packages-secrets` command line option. Secrets permissions need to be
+added to the above RBAC configuration.
 
 ## Filing System Packages
 

crossplane/pythonic/__init__.py

@@ -1,12 +1,13 @@
 import base64
 
 from .composite import BaseComposite
-from .protobuf import Map, List, Unknown, Yaml, Json
+from .protobuf import append, Map, List, Unknown, Yaml, Json
 B64Encode = lambda s: base64.b64encode(s.encode('utf-8')).decode('utf-8')
 B64Decode = lambda s: base64.b64decode(s.encode('utf-8')).decode('utf-8')
 
 __all__ = [
     'BaseComposite',
+    'append',
     'Map',
     'List',
     'Unknown',

crossplane/pythonic/function.py

@@ -15,6 +15,7 @@
 from .. import pythonic
 
 builtins.BaseComposite = pythonic.BaseComposite
+builtins.append = pythonic.append
 builtins.Map = pythonic.Map
 builtins.List = pythonic.List
 builtins.Unknown = pythonic.Unknown

crossplane/pythonic/main.py

@@ -13,10 +13,9 @@
 import crossplane.function.logging
 import crossplane.function.proto.v1.run_function_pb2_grpc as grpcv1
 import grpc
-import kopf
 import pip._internal.cli.main
 
-from . import function, packages
+from . import function
 
 
 def main():
@@ -35,6 +34,12 @@ async def main(self):
             action='store_true',
             help='Emit debug logs.',
         )
+        parser.add_argument(
+            '--log-name-width',
+            type=int,
+            default=40,
+            help='Width of the logger name in the log output, default 40',
+        )
         parser.add_argument(
             '--address',
             default='0.0.0.0:9443',
@@ -53,7 +58,12 @@ async def main(self):
         parser.add_argument(
             '--packages',
             action='store_true',
-            help='Discover python packages from function-pythonic ConfigMaps and Secrets.'
+            help='Discover python packages from function-pythonic ConfigMaps.'
+        )
+        parser.add_argument(
+            '--packages-secrets',
+            action='store_true',
+            help='Also Discover python packages from function-pythonic Secrets.'
         )
         parser.add_argument(
             '--packages-namespace',
@@ -122,21 +132,15 @@ async def main(self):
         await grpc_server.start()
 
         if args.packages:
-            packages_dir = pathlib.Path(args.packages_dir).expanduser().resolve()
-            sys.path.insert(0, str(packages_dir))
-            packages.setup(packages_dir, grpc_runner)
-            @kopf.on.startup()
-            async def startup(settings, **_):
-                settings.scanning.disabled = True
-            @kopf.on.cleanup()
-            async def cleanup(logger=None, **_):
-                await grpc_server.stop(5)
+            from . import packages
             async with asyncio.TaskGroup() as tasks:
                 tasks.create_task(grpc_server.wait_for_termination())
-                tasks.create_task(kopf.operator(
-                    standalone=True,
-                    clusterwide=not args.packages_namespace,
-                    namespaces=args.packages_namespace,
+                tasks.create_task(packages.operator(
+                    args.packages_secrets,
+                    args.packages_namespace,
+                    args.packages_dir,
+                    grpc_server,
+                    grpc_runner,
                 ))
         else:
             def stop():
@@ -147,14 +151,12 @@ def stop():
             await grpc_server.wait_for_termination()
 
     def configure_logging(self, args):
-        formatter = Formatter(30)
+        formatter = Formatter(args.log_name_width)
         handler = logging.StreamHandler()
         handler.setFormatter(formatter)
         logger = logging.getLogger()
         logger.addHandler(handler)
         logger.setLevel(logging.DEBUG if args.debug else logging.INFO)
-        if args.debug:
-            logging.getLogger('kopf.objects').setLevel(logging.INFO)
 
 
 class Formatter(logging.Formatter):
@@ -172,12 +174,11 @@ def format(self, record):
         if extra > 0:
             names = record.sname.split('.')
             for ix, name in enumerate(names):
-                if len(name) <= extra:
-                    names[ix] = name[:1]
-                    extra -= len(name) - 1
-                else:
+                if len(name) > extra:
                     names[ix] = name[extra:]
                     break
+                names[ix] = name[:1]
+                extra -= len(name) - 1
             record.sname = '.'.join(names)
         return super(Formatter, self).format(record)
 

crossplane/pythonic/packages.py

@@ -1,25 +1,51 @@
 
 import base64
 import importlib
+import logging
 import pathlib
 import sys
 
 import kopf
 
 
+PACKAGE_LABEL = {'function-pythonic.package': kopf.PRESENT}
 PACKAGES_DIR = None
+GRPC_SERVER = None
 GRPC_RUNNER = None
 
-def setup(packages_dir, packages_runner):
-    global PACKAGES_DIR, GRPC_RUNNER
+
+def operator(packages_secrets, packages_namespace, packages_dir, grpc_server, grpc_runner):
+    logging.getLogger('kopf.objects').setLevel(logging.INFO)
+    global PACKAGES_DIR, GRPC_SERVER, GRPC_RUNNER
     PACKAGES_DIR = packages_dir
-    GRPC_RUNNER = packages_runner
+    GRPC_SERVER = grpc_server
+    GRPC_RUNNER = grpc_runner
+    PACKAGES_DIR = pathlib.Path(packages_dir).expanduser().resolve()
+    sys.path.insert(0, str(PACKAGES_DIR))
+    if packages_secrets:
+        kopf.on.create('', 'v1', 'secrets', labels=PACKAGE_LABEL)(create)
+        kopf.on.resume('', 'v1', 'secrets', labels=PACKAGE_LABEL)(create)
+        kopf.on.update('', 'v1', 'secrets', labels=PACKAGE_LABEL)(update)
+        kopf.on.delete('', 'v1', 'secrets', labels=PACKAGE_LABEL)(delete)
+    return kopf.operator(
+        standalone=True,
+        clusterwide=not packages_namespace,
+        namespaces=packages_namespace,
+    )
+
+
+@kopf.on.startup()
+async def startup(settings, **_):
+    settings.scanning.disabled = True
+
+
+@kopf.on.cleanup()
+async def cleanup(**_):
+    await GRPC_SERVER.stop(5)
 
 
-@kopf.on.create('', 'v1', 'configmaps', labels={'function-pythonic.package': kopf.PRESENT})
-@kopf.on.resume('', 'v1', 'configmaps', labels={'function-pythonic.package': kopf.PRESENT})
-@kopf.on.create('', 'v1', 'secrets', labels={'function-pythonic.package': kopf.PRESENT})
-@kopf.on.resume('', 'v1', 'secrets', labels={'function-pythonic.package': kopf.PRESENT})
+@kopf.on.create('', 'v1', 'configmaps', labels=PACKAGE_LABEL)
+@kopf.on.resume('', 'v1', 'configmaps', labels=PACKAGE_LABEL)
 async def create(body, logger, **_):
     package_dir, package = get_package_dir(body)
     if package_dir:
@@ -40,8 +66,7 @@ async def create(body, logger, **_):
                 logger.info(f"Created file: {'/'.join(package + [name])}")
 
 
-@kopf.on.update('', 'v1', 'configmaps', labels={'function-pythonic.package': kopf.PRESENT})
-@kopf.on.update('', 'v1', 'secrets', labels={'function-pythonic.package': kopf.PRESENT})
+@kopf.on.update('', 'v1', 'configmaps', labels=PACKAGE_LABEL)
 async def update(body, old, logger, **_):
     old_package_dir, old_package = get_package_dir(old)
     if old_package_dir:
@@ -91,8 +116,7 @@ async def update(body, old, logger, **_):
             old_package.pop()
 
 
-@kopf.on.delete('', 'v1', 'configmaps', labels={'function-pythonic.package': kopf.PRESENT})
-@kopf.on.delete('', 'v1', 'secrets', labels={'function-pythonic.package': kopf.PRESENT})
+@kopf.on.delete('', 'v1', 'configmaps', labels=PACKAGE_LABEL)
 async def delete(old, logger, **_):
     package_dir, package = get_package_dir(old)
     if package_dir:

crossplane/pythonic/protobuf.py

@@ -18,8 +18,11 @@
 import datetime
 import google.protobuf.struct_pb2
 import json
+import sys
 import yaml
 
+append = sys.maxsize
+
 
 def Map(**kwargs):
     return Values(None, None, None, Values.Type.MAP)(**kwargs)
@@ -442,6 +445,10 @@ def __setitem__(self, key, message):
             raise ValueError(f"{self._readOnly} is read only")
         if self._messages is None:
             self._messages = self._parent._create_child(self._key)
+        if key == append:
+            key = len(self._messages)
+        elif key < 0:
+            key = len(self._messages) + key
         while key >= len(self._messages):
             self._messages.add()
         if isinstance(message, Message):
@@ -738,6 +745,10 @@ def __setitem__(self, key, value):
                 else:
                     self.__dict__['_values'] = self._parent._create_child(self._key, self._type)
             values = self._values.values
+            if key == append:
+                key = len(values)
+            elif key < 0:
+                key = len(values) + key
             while key >= len(values):
                 values.add()
         else:

examples/eks-cluster/functions.yaml

@@ -5,4 +5,4 @@ metadata:
   annotations:
     render.crossplane.io/runtime: Development
 spec:
-  package: ghcr.io/fortra/function-pythonic:v0.0.5
+  package: ghcr.io/fortra/function-pythonic:v0.0.7

examples/helm-copy-secret/functions.yaml

@@ -5,4 +5,4 @@ metadata:
   annotations: 
     render.crossplane.io/runtime: Development
 spec:
-  package: ghcr.io/fortra/function-pythonic:v0.0.6
+  package: ghcr.io/fortra/function-pythonic:v0.0.7

pyproject.toml

@@ -38,7 +38,7 @@ packages = ["crossplane"]
 [tool.hatch.envs.default.scripts]
 production = "python -m crossplane.pythonic.main --insecure"
 development = "python -m crossplane.pythonic.main --insecure --debug"
-packages = "python -m crossplane.pythonic.main --insecure --debug --packages"
+packages = "python -m crossplane.pythonic.main --insecure --debug --packages --packages-secrets"
 
 [tool.hatch.envs.lint]
 type = "virtual"

scripts/setup-local.sh

@@ -188,16 +188,16 @@ spec:
       name: function-pythonic
 EOF
 
-#  package: ghcr.io/fortra/function-pythonic:v0.0.6
-#  package: ghcr.io/iciclespider/function-pythonic:v0.0.0-20250816062312-0422a3a5c727
+#  package: ghcr.io/fortra/function-pythonic:v0.0.0-20250819201108-49cfb066579f
+#  package: ghcr.io/fortra/function-pythonic:v0.0.7
 
 kubectl apply -f - <<EOF
 apiVersion: pkg.crossplane.io/v1
 kind: Function
 metadata:
   name: function-pythonic
 spec:
-  package: ghcr.io/fortra/function-pythonic:v0.0.6
+  package: ghcr.io/fortra/function-pythonic:v0.0.7
   runtimeConfigRef:
     apiVersion: pkg.crossplane.io/v1beta1
     kind: DeploymentRuntimeConfig