feat: [PL-58641]: oidc support for aws sm and kms (#632)

* feat: [PL-58641]: oidc support for aws sm and kms

* feat: [PL-58641]: add oidc support for aws sm and aws kms

harness/nextgen/enum_aws_kms_credential_type.go

@@ -3,19 +3,22 @@ package nextgen
 type AwsKmsAuthType string
 
 var AwsKmsAuthTypes = struct {
-	AssumeIAMRole AwsKmsAuthType
-	AssumeSTSRole AwsKmsAuthType
-	ManualConfig  AwsKmsAuthType
+	AssumeIAMRole      AwsKmsAuthType
+	AssumeSTSRole      AwsKmsAuthType
+	ManualConfig       AwsKmsAuthType
+	OidcAuthentication AwsKmsAuthType
 }{
-	AssumeIAMRole: "AssumeIAMRole",
-	AssumeSTSRole: "AssumeSTSRole",
-	ManualConfig:  "ManualConfig",
+	AssumeIAMRole:      "AssumeIAMRole",
+	AssumeSTSRole:      "AssumeSTSRole",
+	ManualConfig:       "ManualConfig",
+	OidcAuthentication: "OidcAuthentication",
 }
 
 var AwsKmsAuthTypeValues = []string{
 	AwsKmsAuthTypes.AssumeIAMRole.String(),
 	AwsKmsAuthTypes.AssumeSTSRole.String(),
 	AwsKmsAuthTypes.ManualConfig.String(),
+	AwsKmsAuthTypes.OidcAuthentication.String(),
 }
 
 func (e AwsKmsAuthType) String() string {

harness/nextgen/enum_aws_secret_manager_auth_types.go

@@ -3,19 +3,22 @@ package nextgen
 type AwsSecretManagerAuthType string
 
 var AwsSecretManagerAuthTypes = struct {
-	AssumeIAMRole AwsSecretManagerAuthType
-	AssumeSTSRole AwsSecretManagerAuthType
-	ManualConfig  AwsSecretManagerAuthType
+	AssumeIAMRole      AwsSecretManagerAuthType
+	AssumeSTSRole      AwsSecretManagerAuthType
+	ManualConfig       AwsSecretManagerAuthType
+	OidcAuthentication AwsSecretManagerAuthType
 }{
-	AssumeIAMRole: "AssumeIAMRole",
-	AssumeSTSRole: "AssumeSTSRole",
-	ManualConfig:  "ManualConfig",
+	AssumeIAMRole:      "AssumeIAMRole",
+	AssumeSTSRole:      "AssumeSTSRole",
+	ManualConfig:       "ManualConfig",
+	OidcAuthentication: "OidcAuthentication",
 }
 
 var AwsSecretManagerAuthTypeValues = []string{
 	AwsSecretManagerAuthTypes.AssumeIAMRole.String(),
 	AwsSecretManagerAuthTypes.AssumeSTSRole.String(),
 	AwsSecretManagerAuthTypes.ManualConfig.String(),
+	AwsSecretManagerAuthTypes.OidcAuthentication.String(),
 }
 
 func (e AwsSecretManagerAuthType) String() string {

harness/nextgen/model_aws_kms_connector.go

@@ -12,10 +12,17 @@ package nextgen
 // This has configuration details for the AWS KMS Secret Manager.
 type AwsKmsConnector struct {
 	Credential *AwsKmsConnectorCredential `json:"credential"`
-	KmsArn     string                     `json:"kmsArn"`
+	// ARN for AWS KMS.
+	KmsArn string `json:"kmsArn"`
 	// Region for AWS KMS.
-	Region string `json:"region"`
+	Region    string `json:"region"`
+	IsDefault bool   `json:"isDefault,omitempty"`
 	// List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
-	DelegateSelectors []string `json:"delegateSelectors,omitempty"`
-	Default_          bool     `json:"default,omitempty"`
+	DelegateSelectors                      []string                                `json:"delegateSelectors,omitempty"`
+	AwsOidcTokenExchangeDetailsForDelegate *AwsOidcTokenExchangeDetailsForDelegate `json:"awsOidcTokenExchangeDetailsForDelegate,omitempty"`
+	IgnoreTestConnection                   bool                                    `json:"ignoreTestConnection,omitempty"`
+	// Should the secret manager execute operations on the delegate, or via Harness platform
+	ExecuteOnDelegate bool   `json:"executeOnDelegate"`
+	Default_          bool   `json:"default"`
+	ConnectorType     string `json:"connectorType"`
 }

harness/nextgen/model_aws_kms_connector_credential.go

@@ -18,5 +18,6 @@ type AwsKmsConnectorCredential struct {
 	AssumeIamRole *AwsKmsCredentialSpecAssumeIam    `json:"-"`
 	AssumeStsRole *AwsKmsCredentialSpecAssumeSts    `json:"-"`
 	ManualConfig  *AwsKmsCredentialSpecManualConfig `json:"-"`
+	OidcConfig    *AwsSmCredentialSpecOidcConfig    `json:"-"`
 	Spec          json.RawMessage                   `json:"spec,omitempty"`
 }

harness/nextgen/model_aws_kms_connector_credential_serializer.go

@@ -27,6 +27,8 @@ func (a *AwsKmsConnectorCredential) UnmarshalJSON(data []byte) error {
 		err = json.Unmarshal(aux.Spec, &a.AssumeStsRole)
 	case AwsKmsAuthTypes.ManualConfig:
 		err = json.Unmarshal(aux.Spec, &a.ManualConfig)
+	case AwsKmsAuthTypes.OidcAuthentication:
+		err = json.Unmarshal(aux.Spec, &a.OidcConfig)
 	default:
 		panic(fmt.Sprintf("unknown aws kms auth type %s", a.Type_))
 	}
@@ -47,6 +49,8 @@ func (a *AwsKmsConnectorCredential) MarshalJSON() ([]byte, error) {
 		spec, err = json.Marshal(a.AssumeStsRole)
 	case AwsKmsAuthTypes.ManualConfig:
 		spec, err = json.Marshal(a.ManualConfig)
+	case AwsKmsAuthTypes.OidcAuthentication:
+		spec, err = json.Marshal(a.OidcConfig)
 	default:
 		panic(fmt.Sprintf("unknown aws kms auth type %s", a.Type_))
 	}

harness/nextgen/model_aws_kms_credential_spec_manual_config.go

@@ -11,6 +11,8 @@ package nextgen
 
 // This contains the AWS KMS Secret Manager's secret reference access key and secret key.
 type AwsKmsCredentialSpecManualConfig struct {
-	AccessKey string `json:"accessKey"`
-	SecretKey string `json:"secretKey"`
+	// List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
+	DelegateSelectors []string `json:"delegateSelectors"`
+	AccessKey         string   `json:"accessKey"`
+	SecretKey         string   `json:"secretKey"`
 }

harness/nextgen/model_aws_oidc_token_exchange_details_for_delegate.go

@@ -0,0 +1,15 @@
+/*
+ * Harness NextGen Software Delivery Platform API Reference
+ *
+ * This is the Open Api Spec 3 for the NextGen Manager. This is under active development. Beware of the breaking change with respect to the generated code stub
+ *
+ * API version: 3.0
+ * Contact: [email protected]
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+package nextgen
+
+type AwsOidcTokenExchangeDetailsForDelegate struct {
+	OidcIdToken       string `json:"oidcIdToken,omitempty"`
+	IdTokenExpiryTime int64  `json:"idTokenExpiryTime,omitempty"`
+}

harness/nextgen/model_aws_secret_managar_credential_serializer.go

@@ -27,6 +27,8 @@ func (a *AwsSecretManagerCredential) UnmarshalJSON(data []byte) error {
 		err = json.Unmarshal(aux.Spec, &a.AssumeIamRole)
 	case AwsSecretManagerAuthTypes.AssumeSTSRole:
 		err = json.Unmarshal(aux.Spec, &a.AssumeStsRole)
+	case AwsSecretManagerAuthTypes.OidcAuthentication:
+		err = json.Unmarshal(aux.Spec, &a.OidcConfig)
 	default:
 		panic(fmt.Sprintf("unknown aws auth type %s", a.Type_))
 	}
@@ -48,6 +50,8 @@ func (a *AwsSecretManagerCredential) MarshalJSON() ([]byte, error) {
 		// noop
 	case AwsSecretManagerAuthTypes.AssumeSTSRole:
 		spec, err = json.Marshal(a.AssumeStsRole)
+	case AwsSecretManagerAuthTypes.OidcAuthentication:
+		spec, err = json.Marshal(a.OidcConfig)
 	default:
 		panic(fmt.Sprintf("unknown aws auth type %s", a.Type_))
 	}

harness/nextgen/model_aws_secret_manager.go

@@ -17,9 +17,17 @@ type AwsSecretManager struct {
 	// Text that is prepended to the Secret name as a prefix.
 	SecretNamePrefix string `json:"secretNamePrefix,omitempty"`
 	// List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
-	DelegateSelectors []string `json:"delegateSelectors,omitempty"`
-	Default_          bool     `json:"default,omitempty"`
-	UsePutSecret      bool     `json:"usePutSecret,omitempty"`
+	DelegateSelectors                      []string                                `json:"delegateSelectors,omitempty"`
+	AwsOidcTokenExchangeDetailsForDelegate *AwsOidcTokenExchangeDetailsForDelegate `json:"awsOidcTokenExchangeDetailsForDelegate,omitempty"`
+	IgnoreTestConnection                   bool                                    `json:"ignoreTestConnection,omitempty"`
+	// Should the secret manager execute operations on the delegate, or via Harness platform
+	ExecuteOnDelegate bool `json:"executeOnDelegate"`
+	// Whether to update secret value using putSecretValue action.
+	UsePutSecret bool `json:"usePutSecret,omitempty"`
+	// Whether to delete the secret without any recovery window.
 	ForceDeleteWithoutRecovery bool `json:"forceDeleteWithoutRecovery,omitempty"`
-	RecoveryWindowInDays int64 `json:"recoveryWindowInDays,omitempty"`
+	// Number of days a Secret can be recovered after it is deleted.
+	RecoveryWindowInDays int64  `json:"recoveryWindowInDays,omitempty"`
+	Default_             bool   `json:"default"`
+	ConnectorType        string `json:"connectorType"`
 }

harness/nextgen/model_aws_secret_manager_credential.go

@@ -17,5 +17,6 @@ type AwsSecretManagerCredential struct {
 	AssumeIamRole *AwsSmCredentialSpecAssumeIam    `json:"-"`
 	AssumeStsRole *AwsSmCredentialSpecAssumeSts    `json:"-"`
 	ManualConfig  *AwsSmCredentialSpecManualConfig `json:"-"`
+	OidcConfig    *AwsSmCredentialSpecOidcConfig   `json:"-"`
 	Spec          json.RawMessage                  `json:"spec,omitempty"`
 }

harness/nextgen/model_aws_sm_credential_spec_oidc_config.go

@@ -0,0 +1,17 @@
+/*
+ * Harness NextGen Software Delivery Platform API Reference
+ *
+ * This is the Open Api Spec 3 for the NextGen Manager. This is under active development. Beware of the breaking change with respect to the generated code stub  # Authentication  <!-- ReDoc-Inject: <security-definitions> -->
+ *
+ * API version: 3.0
+ * Contact: [email protected]
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+package nextgen
+
+// Returns secret reference access key and secret key of AWS Secret Manager.
+type AwsSmCredentialSpecOidcConfig struct {
+	// List of Delegate Selectors that belong to the same Delegate and are used to connect to the Secret Manager.
+	DelegateSelectors []string `json:"delegateSelectors"`
+	IamRoleArn        string   `json:"iamRoleArn,omitempty"`
+}