Add the provider field to the OCIRepository API

Signed-off-by: Stefan Prodan <[email protected]>

Author: stefanprodan

api/v1beta2/ocirepository_types.go

@@ -30,13 +30,28 @@ const (
 
 	// OCIRepositoryPrefix is the prefix used for OCIRepository URLs.
 	OCIRepositoryPrefix = "oci://"
+
+	// GenericOCIProvider provides support for authentication using static credentials
+	// for any OCI compatible API such as Docker Registry, GitHub Container Registry,
+	// Docker Hub, Quay, etc.
+	GenericOCIProvider string = "generic"
+
+	// AmazonOCIProvider provides support for OCI authentication using AWS IRSA.
+	AmazonOCIProvider string = "aws"
+
+	// GoogleOCIProvider provides support for OCI authentication using GCP workload identity.
+	GoogleOCIProvider string = "gcp"
+
+	// AzureOCIProvider provides support for OCI authentication using a Azure Service Principal,
+	// Managed Identity or Shared Key.
+	AzureOCIProvider string = "azure"
 )
 
 // OCIRepositorySpec defines the desired state of OCIRepository
 type OCIRepositorySpec struct {
 	// URL is a reference to an OCI artifact repository hosted
 	// on a remote container registry.
-	// +kubebuilder:validation:Pattern="^oci://"
+	// +kubebuilder:validation:Pattern="^oci://.*$"
 	// +required
 	URL string `json:"url"`
 
@@ -45,6 +60,13 @@ type OCIRepositorySpec struct {
 	// +optional
 	Reference *OCIRepositoryRef `json:"ref,omitempty"`
 
+	// The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
+	// When not specified, defaults to 'generic'.
+	// +kubebuilder:validation:Enum=generic;aws;azure;gcp
+	// +kubebuilder:default:=generic
+	// +optional
+	Provider string `json:"provider,omitempty"`
+
 	// SecretRef contains the secret name containing the registry login
 	// credentials to resolve image metadata.
 	// The secret must be of type kubernetes.io/dockerconfigjson.

config/crd/bases/source.toolkit.fluxcd.io_ocirepositories.yaml

@@ -75,6 +75,16 @@ spec:
               interval:
                 description: The interval at which to check for image updates.
                 type: string
+              provider:
+                default: generic
+                description: The provider used for authentication, can be 'aws', 'azure',
+                  'gcp' or 'generic'. When not specified, defaults to 'generic'.
+                enum:
+                - generic
+                - aws
+                - azure
+                - gcp
+                type: string
               ref:
                 description: The OCI reference to pull and monitor for changes, defaults
                   to the latest tag.
@@ -119,7 +129,7 @@ spec:
               url:
                 description: URL is a reference to an OCI artifact repository hosted
                   on a remote container registry.
-                pattern: ^oci://
+                pattern: ^oci://.*$
                 type: string
             required:
             - interval

docs/api/source.md

@@ -968,6 +968,19 @@ defaults to the latest tag.</p>
 </tr>
 <tr>
 <td>
+<code>provider</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>The provider used for authentication, can be &lsquo;aws&rsquo;, &lsquo;azure&rsquo;, &lsquo;gcp&rsquo; or &lsquo;generic&rsquo;.
+When not specified, defaults to &lsquo;generic&rsquo;.</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>secretRef</code><br>
 <em>
 <a href="https://godoc.org/github.com/fluxcd/pkg/apis/meta#LocalObjectReference">
@@ -2621,6 +2634,19 @@ defaults to the latest tag.</p>
 </tr>
 <tr>
 <td>
+<code>provider</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>The provider used for authentication, can be &lsquo;aws&rsquo;, &lsquo;azure&rsquo;, &lsquo;gcp&rsquo; or &lsquo;generic&rsquo;.
+When not specified, defaults to &lsquo;generic&rsquo;.</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>secretRef</code><br>
 <em>
 <a href="https://godoc.org/github.com/fluxcd/pkg/apis/meta#LocalObjectReference">