4 changes: 2 additions & 2 deletions Justfile
@@ -30,11 +30,11 @@ release: helm-publish
goreleaser release --clean

manifests:
go run sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0 \
go run sigs.k8s.io/controller-tools/cmd/controller-gen@v0.19.0 \
rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases

generate:
go run sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0 \
go run sigs.k8s.io/controller-tools/cmd/controller-gen@v0.19.0 \
object:headerFile="hack/boilerplate.go.txt" paths="./..."

generate-mock:
66 changes: 65 additions & 1 deletion api/formance.com/v1beta1/settings_types.go
@@ -17,17 +17,35 @@ limitations under the License.
package v1beta1

import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// +kubebuilder:validation:ExactlyOneOf=value;valueFrom
type SettingsSpec struct {
//+optional
// Stacks on which the setting is applied. Can contain `*` to indicate a wildcard.
Stacks []string `json:"stacks,omitempty"`
// The setting Key. See the documentation of each module or [global settings](#global-settings) to discover them.
Key string `json:"key"`
// The value. It must have a specific format following the Key.
Value string `json:"value"`
// Either Value or ValueFrom must be set, but not both.
//+optional
Value string `json:"value,omitempty"`
// Source for the value. Can be used to reference a secret or configmap key.
// Either Value or ValueFrom must be set, but not both.
//+optional
ValueFrom *ValueFrom `json:"valueFrom,omitempty"`
}

// +kubebuilder:validation:ExactlyOneOf=secretKeyRef;configMapKeyRef
type ValueFrom struct {
// Selects a key of a Secret.
//+optional
SecretKeyRef *corev1.SecretKeySelector `json:"secretKeyRef,omitempty"`
// Selects a key of a ConfigMap.
//+optional
ConfigMapKeyRef *corev1.ConfigMapKeySelector `json:"configMapKeyRef,omitempty"`
}

// Settings represents a configurable piece of the stacks.
@@ -91,6 +109,52 @@ type SettingsSpec struct {
//
// ```
//
// You can also fetch values from secrets or configmaps using `valueFrom`:
// ```yaml
// apiVersion: formance.com/v1beta1
// kind: Settings
// metadata:
//
// name: postgres-uri-from-secret
//
// spec:
//
// key: postgres.ledger.uri
// stacks:
// - stack0
// valueFrom:
// secretKeyRef:
// name: postgres-credentials
// key: connection-string
// optional: false
//
// ```
//
// Or from a configmap:
// ```yaml
// apiVersion: formance.com/v1beta1
// kind: Settings
// metadata:
//
// name: postgres-uri-from-configmap
//
// spec:
//
// key: postgres.ledger.uri
// stacks:
// - stack0
// valueFrom:
// configMapKeyRef:
// name: postgres-config
// key: uri
// optional: false
//
// ```
//
// Note: Secrets and configmaps are resolved from the stack's namespace (which has the same name as the stack)
// and then from the formance-system namespace if not found in the stack namespace.
// Either `value` or `valueFrom` must be set, but not both.
//
// Some settings are really global, while some are used by specific module.
//
// Refer to the documentation of each module and resource to discover available Settings.
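Review bot: The new `ValueFrom` type and the note at the end of the second hunk describe a lookup that falls back from the stack's namespace to `formance-system`, but neither the type nor its field comments say who may point a Settings object at a Secret there. If Settings can be created by principals who cannot themselves read Secrets in `formance-system`, the operator becomes a deputy that reads the Secret for them and copies its value into stack configuration; the stack-namespace-first order also means a same-named Secret in the stack namespace shadows the operator-level one. The resolving code is not on this page, so this needs confirming there, and the contract should be stated on the field, e.g. `// SecretKeyRef is read with the operator's credentials, first in the stack namespace and then in formance-system; restrict who can create Settings accordingly.` Since `Value` is now `omitempty`, it is also worth checking that an explicit `value: ""` still satisfies `ExactlyOneOf=value;valueFrom` after a round-trip through the Go type.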
30 changes: 30 additions & 0 deletions api/formance.com/v1beta1/zz_generated.deepcopy.go


22 changes: 4 additions & 18 deletions config/crd/bases/formance.com_authclients.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.19.0
name: authclients.formance.com
spec:
group: formance.com
@@ -101,7 +101,6 @@ spec:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must be defined
@@ -120,16 +119,8 @@ spec:
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Status []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -169,12 +160,7 @@ spec:
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
27 changes: 4 additions & 23 deletions config/crd/bases/formance.com_auths.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.19.0
labels:
formance.com/kind: module
name: auths.formance.com
@@ -43,13 +43,10 @@ spec:
description: |-
Auth represent the authentication module of a stack.


It is an OIDC compliant server.


Creating it for a stack automatically add authentication on all supported modules.


The auth service is basically a proxy to another OIDC compliant server.
properties:
apiVersion:
@@ -97,7 +94,6 @@ spec:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must be
@@ -122,7 +118,6 @@ spec:
description: |-
Allow to enable scopes usage on authentication.


If not enabled, each service will check the authentication but will not restrict access following scopes.
in this case, if authenticated, it is ok.
type: boolean
@@ -142,7 +137,6 @@ spec:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must be defined
@@ -168,16 +162,8 @@ spec:
type: array
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Status []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -217,12 +203,7 @@ spec:
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string